Abstract
A favorite target of mobile malware, the Android operating system can now rely on numerous tools, instrumentation frameworks and sandbox environments to fight back against the malware threat. Sandboxing is a popular dynamic approach to detecting malware, in which an application is submitted to a battery of tests in order to determine whether it exhibits malicious behavior. Given the tremendous number of applications to analyze, existing sandboxes usually analyze a malware sample only once. In order to study further what triggers malware behavior, we decided to submit a malware sample multiple times to our sandbox, each time with slightly different experiment parameters, such as the level of user simulation, the number of user actions performed, and the network configuration. Our results show that a proper configuration of these parameters yields more information about the sample under study.
Notes
- 6. All IP traffic other than DNS queries is sinkholed to an IP address that is not on the network.
- 7. All IP traffic other than DNS queries is sinkholed to an IP address on which no ports are open, but fake TCP SYN-ACK packets are sent back in response to any TCP SYN (thus properly completing the 3-way handshake).
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Boileau, C., Gagnon, F., Poisson, J., Frenette, S., Mejri, M. (2017). Towards Understanding the Role of Execution Context for Observing Malicious Behavior in Android Malware. In: Obaidat, M. (eds) E-Business and Telecommunications. ICETE 2016. Communications in Computer and Information Science, vol 764. Springer, Cham. https://doi.org/10.1007/978-3-319-67876-4_3
DOI: https://doi.org/10.1007/978-3-319-67876-4_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-67875-7
Online ISBN: 978-3-319-67876-4
eBook Packages: Computer Science (R0)