Design and Implementation of Android Container Monitoring Server and Agent

  • Conference paper
Information Security Applications (WISA 2017)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10763)

Abstract

Security companies have been struggling with malware analysis for many years as malware becomes more and more intelligent. To yield better analysis results, the analysis environment must be well equipped to cover a wide range of applications. For instance, applications are analyzed dynamically over a period of time in various environments, including a virtual environment and a real device. Yet many intelligent Android malware samples still find a way to stop running when they inspect the environment. To solve this problem, Android container technology has been studied, but there is still a lack of research on a monitoring server that can analyze the operation information of a malicious application. This paper proposes a server-agent model to monitor application behaviors in an Android container. We design and implement agents that collect behavioral information from malicious applications running in Android containers, and a monitoring server that organizes this information for further analysis.



Acknowledgement

This research was supported by the MSIP (Ministry of Science, ICT and Future Planning), Korea, under the ITRC (Information Technology Research Center) support program (IITP-2017-2012-0-00646) supervised by the IITP (Institute for Information & communications Technology Promotion).

This work was supported by Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government (MSIP) (No. 2016-0-00078, Cloud based Security Intelligence Technology Development for the Customized Security Service Provisioning).

Author information

Correspondence to Souhwan Jung.

Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this paper

Cite this paper

Yoon, KJ., Yoon, J., Jung, S. (2018). Design and Implementation of Android Container Monitoring Server and Agent. In: Kang, B., Kim, T. (eds) Information Security Applications. WISA 2017. Lecture Notes in Computer Science, vol 10763. Springer, Cham. https://doi.org/10.1007/978-3-319-93563-8_14

  • DOI: https://doi.org/10.1007/978-3-319-93563-8_14

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-93562-1

  • Online ISBN: 978-3-319-93563-8

  • eBook Packages: Computer Science, Computer Science (R0)
