Evading android runtime analysis via sandbox detection

ASIA CCS 2014 - Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security

Volumn , Issue , 2014, Pages 447-458

  Vidas, Timothy ^a   Christin, Nicolas ^a  

^a CARNEGIE MELLON UNIVERSITY   (United States)

Author keywords

Android; Evasion; Malware; Sandbox; Security

Indexed keywords

ANDROID (OPERATING SYSTEM); COMPUTER CRIME; MALWARE; VIRTUAL REALITY;

ANDROID; EVASION; FUNDAMENTAL LIMITATIONS; HARDWARE AND SOFTWARE COMPONENTS; PUBLICLY ACCESSIBLE; SANDBOX; SANDBOX DETECTIONS; SECURITY;

MOBILE SECURITY;

EID: 84982804575     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2590296.2590325     Document Type: Conference Paper

References (41)

1. AMAT: Android Malware Analysis Toolkit. http: //sourceforge.net/projects/amatlinux/.
2. Andrubis. http://anubis.iseclab.org/.
3. CopperDroid. http://copperdroid.isg.rhul.ac. uk/copperdroid/.
4. DroidBox. https://code.google.com/p/droidbox/.
5. Droidbox device identifier patch. https://code.google.com/p/droidbox/ source/browse/trunk/droidbox23/ framework-base.patch?r=82.
6. Foresafe. http://www.foresafe.com/scan.
7. mobile-sandbox. http://mobilesandbox.org/.
8. Monitoring the Battery Level and Charging State Android Developers. http://developer.android.com/ training/monitoring-devicestate/ battery-monitoring.html.
9. North American Numbering Plan Adminstration search. www.nanpa.com/enas/areâcode-query.do.
10. SandDroid. http://sanddroid.xjtu.edu.cn/.
11. Using the Android Emulator Android Developers. http://developer.android.com/tools/ devices/emulator.html.
12. U. Bayer, P. Comparetti, C. Hlauschek, C. Kruegel, and E. Kirda. Scalable, behavior-based malware clustering. In NDSS, 2009.
13. T. Blasing, L. Batyuk, A. Schmidt, S. Camtepe, and S. Albayrak. An android application sandbox system for suspicious software detection. In MALWARE'10, 2010.
14. D. J. Chaboya, R. A. Raines, R. O. Baldwin, and B. E. Mullins. Network intrusion detection: automated and manual methods prone to attack and evasion. Security & Privacy, IEEE, 4(6):36-43, 2006.
15. X. Chen, J. Andersen, Z. M. Mao, M. Bailey, and J. Nazario. Towards an understanding of anti-virtualization and anti-debugging behavior in modern malware. In Dependable Systems and Networks With FTCS and DCC, 2008. IEEE International Conference on, pages 177-186, 2008.
16. H. Dreger, A. Feldmann, V. Paxson, and R. Sommer. Operational experiences with high-volume network intrusion detection. In Proc. CCS, pages 2-11. ACM, 2004.
17. M. F. and P. Schulz. Detecting android sandboxes, Aug 2012. https://www.dexlabs.org/blog/btdetect.
18. A. Felt, M. Finifter, E. Chin, S. Hanna, and D. Wagner. A survey of mobile malware in the wild. In Proc. SPSM, pages 3-14. ACM, 2011.
19. P. Ferrie. Attacks on more virtual machine emulators. Symantec Technology Exchange, 2007.
20. P. Fogla and W. Lee. Evading network anomaly detection systems: formal reasoning and practical techniques. In Proc. CCS, pages 59-68. ACM, 2006.
21. M. Handley, V. Paxson, and C. Kreibich. Network intrusion detection: Evasion, traffic normalization, and end-to-end protocol semantics. In Proc. USENIX Security, 2001.
22. T. Holz and F. Raynal. Detecting honeypots and other suspicious environments. In Information Assurance Workshop, 2005. IAW'05. Proceedings from the Sixth Annual IEEE SMC, pages 29-36. IEEE, 2005.
23. P. G. Kelley, S. Consolvo, L. F. Cranor, J. Jung, N. Sadeh, and D. Wetherall. A conundrum of permissions: Installing applications on an android smartphone. In USEC'12, pages 68-79. Springer, 2012.
24. B. Lau and V. Svajcer. Measuring virtual machine detection in malware using dsd tracer. Journal in Computer Virology, 6(3):181-195, 2010.
25. H. Lockheimer. Android and Security, Feb 2012. http://googlemobile.blogspot.com/2012/ 02/android-and-security.html.
26. A. Moser, C. Kruegel, and E. Kirda. Exploring multiple execution paths for malware analysis. In Security and Privacy, 2007. SP'07. IEEE Symposium on, 2007.
27. D. Mutz, G. Vigna, and R. Kemmerer. An experience developing an ids stimulator for the black-box testing of network intrusion detection systems. In Computer Security Applications Conference, 2003. Proceedings. 19th Annual, pages 374-383. IEEE, 2003.
28. J. Oberheide and C. Miller. Dissecting the android bouncer. SummerCon2012, New York, 2012.
29. T. Ooura. Improvement of the pi calculation algorithm and implementation of fast multiple precision computation. Transactions-Japan Society for Industrial and Applied Mathematics, 9(4):165-172, 1999.
30. R. Paleari, L. Martignoni, G. F. Roglia, and D. Bruschi. A fistful of red-pills: How to automatically generate procedures to detect cpu emulators. In Proc. WOOT, volume 41, page 86. USENIX, 2009.
31. N. J. Percoco and S. Schulte. Adventures in bouncerland. Black Hat USA, 2012.
32. T. H. Ptacek and T. N. Newsham. Insertion, evasion, and denial of service: Eluding network intrusion detection. Technical report, DTIC Document, 1998.
33. T. Raffetseder, C. Krügel, and E. Kirda. Detecting system emulators. In Information Security. Springer, 2007.
34. J. Rutkowska. Red pill... or how to detect vmm using (almost) one cpu instruction. Invisible Things, 2004.
35. T. Strazzere. Dex education 201 anti-emulation, Sept 2013. http://hitcon.org/2013/download/Tim\ %20Strazzere\%20-\%20DexEducation.pdf.
36. T. Vidas and N. Christin. Sweetening android lemon markets: measuring and combating malware in application marketplaces. In Proc. 3rd CODASPY, pages 197-208. ACM, 2013.
37. T. Vidas, D. Votipka, and N. Christin. All your droid are belong to us: A survey of current android attacks. In Proc. WOOT. USENIX, 2011.
38. T. Vidas, C. Zhang, and N. Christin. Toward a general collection methodology for android devices. DFRWS'11, 2011.
39. C. Willems, T. Holz, and F. Freiling. Toward automated dynamic malware analysis using cwsandbox. Security & Privacy, IEEE, 5(2):32-39, 2007.
40. Y. Zhou and X. Jiang. Dissecting android malware: Characterization and evolution. In Proc. IEEE Symp. on Security and Privacy, 2012.
41. Y. Zhou, Z. Wang, W. Zhou, and X. Jiang. Hey, you, get off of my market: Detecting malicious apps in official and alternative android markets. In Proc. NDSS, 2012.