Along with the TaintBench suite, we contribute the TaintBench framework to the research community. The TaintBench framework is a set of tools that are designed to support benchmark suite construction, automatic evaluation of Android taint analysis tools and manual inspection of analysis results.

Part 1 – Construction

The following tools support benchmark suite construction:

Part 2 – Evaluation

The following tools support automatic evaluation of Android taint analysis tools:

Part 3 – Inspection

The following tool supports manual inspection (triaging) of analysis results. It displays taint flows in TAF-format and AQL-format:

User Study

We conducted a user study for the two GUI-based tools — TB-Extractor and TB-Viewer. Our evaluation results show that experts document and inspect taint flows more efficiently when using the tools. Details about the user study can be found here.

Notice: Please cite the following paper if you are using TaintBench:

@article{TaintBench2021,
author = {Linghui Luo and Felix Pauck and Goran Piskachev and Manuel Benz and Ivan Pashchenko and Martin Mory and Eric Bodden and Ben Hermann and Fabio Massacci},
title = {TaintBench: Automatic Real-World Malware Benchmarking of Android Taint Analyses},
year = {2021},
journal = {Empirical Software Engineering},
note = {to appear}
}

Disclaimer:

Your download and use of this benchmark suite are at your own risk. We will not be liable for any loss or damage caused by malware or other technologically harmful material that may infect your computer equipment, computer programs, data or other proprietary material due to your use of the TaintBench suite, or in any way in conjunction with, the TaintBench suite.