
DroidAnalyst: Synergic App Framework for Static and Dynamic App Analysis


Part of the book series: Studies in Computational Intelligence ((SCI,volume 621))

Abstract

The evolution of mobile devices, with additional resources and enhanced functionality, has allowed smartphones to replace conventional computing devices. Users rely on smartphones for online payments, email and social networking, and store sensitive personal information on them. The ever-increasing number of mobile devices has attracted malware authors and cybercriminals to target mobile platforms. Android, the most popular open-source mobile OS, is being targeted by malware writers; in particular, less monitored third-party markets are being used as infection and propagation sources. Given the threats posed by the growing number of malicious apps, security researchers must be able to analyze malware quickly and efficiently, which is not feasible with manual analysis alone. Hence, automated analysis techniques for app vetting and malware detection are necessary. In this chapter, we present DroidAnalyst, a novel automated app vetting and malware analysis framework that integrates static and dynamic analysis to improve the accuracy and efficiency of analysis. DroidAnalyst generates a unified analysis model that combines the strengths of these complementary approaches with multiple detection methods to improve the coverage of app code analysis. We have evaluated DroidAnalyst against a dataset of real-world benign and malicious apps.



Acknowledgments

The work of Parvez Faruki, Manoj Singh Gaur, and Vijay Laxmi was partially supported by the Department of Information Technology, Government of India, under the project grant “SAFAL: Security Analysis Framework for Android pLatform”, grant number 12(7)/2014-ESD. Mauro Conti was supported by the Marie Curie Fellowship PCIG11-GA-2012-321980, funded by the European Commission for the PRISM-CODE project. This work has been partially supported by the TENACE PRIN Project 20103P34XC funded by the Italian MIUR, and by the project “Tackling Mobile Malware with Innovative Machine Learning Techniques” funded by the University of Padua. We thank Ammar Bharmal and Vijay Kumar for their contributions to the development of www.droidanalyst.org as M.Tech scholars at the Department of Computer Science and Engineering, MNIT Jaipur. We appreciate the efforts of Rohit Gupta, Jitendra Saraswat, and Lovely Sinha in maintaining DroidAnalyst.

Author information

Corresponding author: Parvez Faruki.


Copyright information

© 2016 Springer International Publishing Switzerland

Cite this chapter

Faruki, P., Bhandari, S., Laxmi, V., Gaur, M., Conti, M. (2016). DroidAnalyst: Synergic App Framework for Static and Dynamic App Analysis. In: Abielmona, R., Falcon, R., Zincir-Heywood, N., Abbass, H. (eds) Recent Advances in Computational Intelligence in Defense and Security. Studies in Computational Intelligence, vol 621. Springer, Cham. https://doi.org/10.1007/978-3-319-26450-9_20

  • DOI: https://doi.org/10.1007/978-3-319-26450-9_20

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-26448-6

  • Online ISBN: 978-3-319-26450-9
