CopperDroid: Automatic Reconstruction of Android Malware Behaviors

22nd Annual Network and Distributed System Security Symposium, NDSS 2015

Volumn , Issue , 2015, Pages

  Tam, Kimberly ^a   Khan, Salahuddin J ^a   Fattori, Aristide ^b   Cavallaro, Lorenzo ^a  

^a UNIVERSITY OF LONDON   (United Kingdom)

^b UNIVERSITY OF MILAN   (Italy)

Author keywords

[No Author keywords available]

Indexed keywords

ANDROID (OPERATING SYSTEM); COMMERCE; LIFE CYCLE; SEMANTICS;

ANALYSIS SYSTEM; ANDROID MALWARE; ANDROID MARKETS; ANDROID PLATFORMS; AUTOMATIC RECONSTRUCTION; CYBERCRIMINALS; DYNAMICS ANALYSIS; MALWARE BEHAVIORS; MALWARES; SYSTEM CALLS;

ANDROID MALWARE;

EID: 85063002231     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.14722/ndss.2015.23145     Document Type: Conference Paper

References (49)

1. S. Anand, M. Naik, H. Yang, and M. Harrold, “Automated concolic testing of smartphone apps, ” in Proc. of FSE, 2012.
2. Android, “Android developer reference, ” http://developer.android.com/reference/packages.html.
3. Android, “Monkeyrunner, ” http://developer.android.com/tools/help/monkeyrunner_concepts.html.
4. N. Artenstein and I. Revivo, “Man in the binder: He who controls ipc, controls the droid, ” 2014.
5. U. Bayer, C. Kruegel, and E. Kirda, “Ttanalyze: A tool for analyzing malware, ” in Proc. of EICAR, 2006.
6. F. Bellard, “QEMU, a fast and portable dynamic translator, ” in Proc. of USENIX ATC, 2005.
7. D. Bornstein, “Dalvik VM internals, ” in Google I/O, 2008.
8. D. Brumley, C. Hartwig, Z. Liang, J. Newsome, D. Song, and H. Yin, “Automatically identifying trigger-based behavior in malware, ” Botnet Detection, 2008.
9. C. Cadar, D. Dunbar, and D. R. Engler, “Klee: Unassisted and automatic generation of high-coverage tests for complex systems programs, ” in OSDI, 2008.
10. L. Cavallaro, P. Saxena, and R. Sekar, “On the limits of information flow techniques for malware analysis and containment, ” in DIMVA, 2008.
11. Contagio Mobile, “Mila Parkour, ” http://contagiominidump.blogspot. com.
12. D. Desai, “Malware Analysis Report: Trojan: AndroidOS/Zitmo, ” Semptember 2011, http://www.kindsight.net/sites/default/files/android_trojan_zitmo_final_pdf_17585.pdf.
13. A. Developers, “Parcelable, ” http://developer.android.com/reference/android/os/Parcelable.html.
14. W. Enck, P. Gilbert, B. Chun, L. Cox, J. Jung, P. McDaniel, and A. Sheth, “Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones, ” in USENIX OSDI, 2010.
15. W. Enck, D. Octeau, P. McDaniel, and S. Chaudhuri, “A study of android application security, ” in USENIX Security, 2011.
16. W. Enck, M. Ongtang, and P. McDaniel, “On lightweight mobile phone application certification, ” in ACM CCS, 2009.
17. W. Enck, M. Ongtang, and P. McDaniel, “Understanding android security, ” IEEE Security and Privacy, vol. 7, no. 1, pp. 50-57, Jan. 2009. [Online]. Available: http://dx.doi.org/10.1109/MSP.2009.26
18. A. P. Felt, E. Chin, S. Hanna, D. Song, and D. Wagner, “Android permissions demystified, ” in Proc. of CCS, 2011.
19. S. Fiegerman, “Android now has 1 billion active users, ” Jun 2014.
20. T. Garfinkel and M. Rosenblum, “A Virtual Machine Introspection Based Architecture for Intrusion Detection, ” in Proc. of NDSS, 2003.
21. A. Gianazza, F. Maggi, A. Fattori, L. Cavallaro, and S. Zanero, “Pup-petdroid: A user-centric ui exerciser for automatic dynamic analysis of similar android applications, ” CoRR, vol. abs/1402.4826, 2014.
22. S. Hanna, L. Huang, E. Wu, S. Li, C. Chen, and D. Song, “Juxtapp: A scalable system for detecting code reuse among android applications, ” in Proc. of DIMVA, 2012.
23. M. Hibben, “Apple ios vs. android: The wealth of ecosystems, ” Jun 2014.
24. Iseclab, “Anubis, ” http://anubis.iseclab.org.
25. R. King, “Google readies android'kitkat' amid 1 billion device activations milestone, ” Sep 2013.
26. D. Kirat, G. Vigna, and C. Kruegel, “BareCloud: Bare-metal Analysis-based Evasive Malware Detection, ” in 23rd USENIX Security Symposium (USENIX Security 14). USENIX Association, 2014.
27. A. Lanzi, D. Balzarotti, C. Kruegel, M. Christodorescu, and E. Kirda, “AccessMiner: Using system-centric models for malware protection, ” in Proc. of CCS, 2010.
28. M. Lindorfer, M. Neugschwandtner, L. Weichselbaum, Y. Fratantonio, V. van der Veen, and C. Platzer, “Andrubis - 1, 000, 000 Apps Later: A View on Current Android Malware Behaviors, ” in Proceedings of the the 3rd International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS), 2014.
29. H. Lockheimer, “Bouncer, ” http://googlemobile.blogspot.it/2012/02/android-and-security.html.
30. McAfee, “Mcafee, ” http://www.mcafee.com.
31. A. Moser, C. Kruegel, and E. Kirda, “Exploring multiple execution paths for malware analysis, ” in Proc. of the IEEE Symposium on Security and Privacy, 2007.
32. J. Oberheide and C. Miller, “Dissecting the Android's Bouncer, ” Sum-merCon, 2012, http://jon.oberheide.org/files/summercon12-bouncer.pdf.
33. H. Peng, C. Gates, B. Sarma, N. Li, Y. Qi, R. Potharaju, C. Nita-Rotaru, and I. Molloy, “Using probabilistic generative models for ranking risks of android apps, ” in ACM CCS, 2012.
34. B. PETROVAN, “Xposed framework creator weighs in on lollipop, art, and xposed, ” http://www.androidauthority.com/xposed-framework-lollipop-540928/.
35. V. Rastogi, Y. Chen, and W. Enck, “Appsplayground: Automatic security analysis of smartphone applications, ” in Proceedings of the Third ACM Conference on Data and Application Security and Privacy, ser. CODASPY'13. New York, NY, USA: ACM, 2013.
36. th European Workshop on System Security (EUROSEC), Prague, Czech Republic, April 2013.
37. G. Sarwar, O. Mehani, R. Boreli, and M. A. Kaafar, “On the effectiveness of dynamic taint analysis for protecting against private information leaks on Android-based devices, ” in SECRYPT, Jul. 2013.
38. A. Slowinska and H. Bos, “Pointless tainting?: evaluating the practicality of pointer tainting, ” in EuroSys, W. Schröder-Preikschat, J. Wilkes, and R. Isaacs, Eds. ACM, 2009, pp. 61-74.
39. Statista, “Cumulative number of apps downloaded from the google play android app store as of july 2013, ” Jul 2013.
40. The Honeynet Project, “Droidbox, ” https://code.google.com/p/droidbox/.
41. C. Willems, T. Holz, and F. Freiling, “Toward automated dynamic malware analysis using cwsandbox, ” IEEE S&P, 2007.
42. R. Xu, H. Saıdi, and R. Anderson, “Aurasium: Practical policy enforcement for android applications, ” in Proc. of USENIX Security, 2012.
43. L.-K. Yan and H. Yin, “DroidScope: Seamlessly Reconstructing OS and Dalvik Semantic Views for Dynamic Android Malware Analysis, ” in Proc. of USENIX Security, 2012.
44. Y. Zhang, M. Yang, B. Xu, Z. Yang, G. Gu, P. Ning, X. S. Wang, and B. Zang, “Vetting undesirable behaviors in android apps with permission use analysis, ” in ACM CCS, 2013.
45. C. Zheng, S. Zhu, S. Dai, G. Gu, X. Gong, X. Han, and W. Zou, “SmartDroid: an automatic system for revealing UI-based trigger conditions in Android applications, ” in Proc. of SPSM, 2012.
46. W. Zhou, Y. Zhou, X. Jiang, and P. Ning, “Detecting repackaged smartphone applications in third-party android marketplaces, ” in Proc. of CODASPY, 2012.
47. Y. Zhou and X. Jiang, “Dissecting android malware: Characterization and evolution, ” in Proc. of the IEEE Symposium on Security and Privacy, 2012.
48. Y. Zhou, Z. Wang, W. Zhou, and X. Jiang, “Hey, you, get off of my market: Detecting malicious apps in official and alternative android markets, ” in Proc. of NDSS, 2012.
49. Y. Zhou and X. Jiang, “Android Malware Genome Project, ” http://www.malgenomeproject.org/.