Advanced

Analysis of Malicious and Benign Android Applications

Alazab, Moutaz; Moonsamy, Veelasha; Batten, Lynn; Tian, Ronghua and Lantz, Patrik LU (2012) 32nd International Conference on Distributed Computing Systems Workshops (ICDCSW) In [Host publication title missing] p.608-616
Abstract
Since its establishment, the Android applications market has been infected by a proliferation of malicious applications. Recent studies show that rogue developers are injecting malware into legitimate market applications which are then installed on open source sites for consumer uptake. Often, applications are infected several times. In this paper, we investigate the behavior of malicious Android applications, we present a simple and effective way to safely execute and analyze them. As part of this analysis, we use the Android application sandbox Droidbox to generate behavioral graphs for each sample and these provide the basis of the development of patterns to aid in identifying it. As a result, we are able to determine if family names... (More)
Since its establishment, the Android applications market has been infected by a proliferation of malicious applications. Recent studies show that rogue developers are injecting malware into legitimate market applications which are then installed on open source sites for consumer uptake. Often, applications are infected several times. In this paper, we investigate the behavior of malicious Android applications, we present a simple and effective way to safely execute and analyze them. As part of this analysis, we use the Android application sandbox Droidbox to generate behavioral graphs for each sample and these provide the basis of the development of patterns to aid in identifying it. As a result, we are able to determine if family names have been correctly assigned by current anti-virus vendors. Our results indicate that the traditional anti-virus mechanisms are not able to correctly identify malicious Android applications. (Less)
Please use this url to cite or link to this publication:
author
organization
publishing date
type
Chapter in Book/Report/Conference proceeding
publication status
published
subject
keywords
Mobile malware, Treemap, Dynamic analysis, Android, Behavior graph, DroidBox
in
[Host publication title missing]
pages
9 pages
publisher
IEEE--Institute of Electrical and Electronics Engineers Inc.
conference name
32nd International Conference on Distributed Computing Systems Workshops (ICDCSW)
external identifiers
  • scopus:84866382195
ISSN
1545-0678
ISBN
978-1-4673-1423-7
DOI
10.1109/ICDCSW.2012.13
language
English
LU publication?
no
id
5ca20d60-36b7-4c86-abc5-35726869cbe1 (old id 3629805)
date added to LUP
2013-04-04 10:27:29
date last changed
2017-09-24 03:49:43
@inproceedings{5ca20d60-36b7-4c86-abc5-35726869cbe1,
  abstract     = {Since its establishment, the Android applications market has been infected by a proliferation of malicious applications. Recent studies show that rogue developers are injecting malware into legitimate market applications which are then installed on open source sites for consumer uptake. Often, applications are infected several times. In this paper, we investigate the behavior of malicious Android applications, we present a simple and effective way to safely execute and analyze them. As part of this analysis, we use the Android application sandbox Droidbox to generate behavioral graphs for each sample and these provide the basis of the development of patterns to aid in identifying it. As a result, we are able to determine if family names have been correctly assigned by current anti-virus vendors. Our results indicate that the traditional anti-virus mechanisms are not able to correctly identify malicious Android applications.},
  author       = {Alazab, Moutaz and Moonsamy, Veelasha and Batten, Lynn and Tian, Ronghua and Lantz, Patrik},
  booktitle    = {[Host publication title missing]},
  isbn         = {978-1-4673-1423-7},
  issn         = {1545-0678},
  keyword      = {Mobile malware,Treemap,Dynamic analysis,Android,Behavior graph,DroidBox},
  language     = {eng},
  pages        = {608--616},
  publisher    = {IEEE--Institute of Electrical and Electronics Engineers Inc.},
  title        = {Analysis of Malicious and Benign Android Applications},
  url          = {http://dx.doi.org/10.1109/ICDCSW.2012.13},
  year         = {2012},
}