Lund University Publications

LUND UNIVERSITY LIBRARIES

Analysis of Malicious and Benign Android Applications

Alazab, Moutaz; Moonsamy, Veelasha; Batten, Lynn; Lantz, Patrik (LU) and Tian, Ronghua (2012). 32nd International Conference on Distributed Computing Systems Workshops (ICDCSW), p. 608-616
Abstract
Since its establishment, the Android applications market has been infected by a proliferation of malicious applications. Recent studies show that rogue developers are injecting malware into legitimate market applications which are then installed on open source sites for consumer uptake. Often, applications are infected several times. In this paper, we investigate the behavior of malicious Android applications and present a simple and effective way to safely execute and analyze them. As part of this analysis, we use the Android application sandbox Droidbox to generate behavioral graphs for each sample and these provide the basis of the development of patterns to aid in identifying it. As a result, we are able to determine if family names have been correctly assigned by current anti-virus vendors. Our results indicate that the traditional anti-virus mechanisms are not able to correctly identify malicious Android applications.
author
Alazab, Moutaz; Moonsamy, Veelasha; Batten, Lynn; Lantz, Patrik and Tian, Ronghua
type
Chapter in Book/Report/Conference proceeding
publication status
published
keywords
Mobile malware, Treemap, Dynamic analysis, Android, Behavior graph, DroidBox
host publication
32nd International Conference on Distributed Computing Systems Workshops (ICDCSW), Macau, China
pages
9 pages
publisher
IEEE - Institute of Electrical and Electronics Engineers Inc.
conference name
32nd International Conference on Distributed Computing Systems Workshops (ICDCSW)
conference location
Macau, China
conference dates
2012-06-18 - 2012-06-21
external identifiers
  • scopus:84866382195
ISSN
1545-0678
ISBN
978-1-4673-1423-7
DOI
10.1109/ICDCSW.2012.13
language
English
LU publication?
no
id
5ca20d60-36b7-4c86-abc5-35726869cbe1 (old id 3629805)
date added to LUP
2016-04-01 12:54:40
date last changed
2022-02-19 01:38:25
@inproceedings{5ca20d60-36b7-4c86-abc5-35726869cbe1,
  abstract     = {{Since its establishment, the Android applications market has been infected by a proliferation of malicious applications. Recent studies show that rogue developers are injecting malware into legitimate market applications which are then installed on open source sites for consumer uptake. Often, applications are infected several times. In this paper, we investigate the behavior of malicious Android applications, we present a simple and effective way to safely execute and analyze them. As part of this analysis, we use the Android application sandbox Droidbox to generate behavioral graphs for each sample and these provide the basis of the development of patterns to aid in identifying it. As a result, we are able to determine if family names have been correctly assigned by current anti-virus vendors. Our results indicate that the traditional anti-virus mechanisms are not able to correctly identify malicious Android applications.}},
  author       = {{Alazab, Moutaz and Moonsamy, Veelasha and Batten, Lynn and Lantz, Patrik and Tian, Ronghua}},
  booktitle    = {{32nd International Conference on Distributed Computing Systems Workshops (ICDCSW), Macau, China}},
  isbn         = {{978-1-4673-1423-7}},
  issn         = {{1545-0678}},
  keywords     = {{Mobile malware; Treemap; Dynamic analysis; Android; Behavior graph; DroidBox}},
  language     = {{eng}},
  pages        = {{608--616}},
  publisher    = {{IEEE - Institute of Electrical and Electronics Engineers Inc.}},
  title        = {{Analysis of Malicious and Benign Android Applications}},
  url          = {{http://dx.doi.org/10.1109/ICDCSW.2012.13}},
  doi          = {{10.1109/ICDCSW.2012.13}},
  year         = {{2012}},
}