DOI: 10.1145/3184066.3184101
research-article

Optimizing native analysis with android container

Published: 02 February 2018

Abstract

Demystifying an Android shared library is always a challenging task. To inspect a native shared library, analyzers have to execute the application that loads the target library at runtime. Executing the whole application code just to debug a single native library wastes computing resources. To solve that problem, we consider deploying a Java virtual machine solely to host the target library a promising approach. The Java virtual machine is designed to support both the Dalvik and ART runtimes. Another contribution is the design of a suitable environment for hosting the Java virtual machine. Deploying an Android environment on either virtualized or real devices is problematic: the virtualization approach is too costly, and a real device wastes resources. To optimize computing and hardware resources, the authors propose a lightweight environment, based on container technology, that is suitable for native analysis. Compared to virtualization technology, containerization has a performance advantage. Container technology is also a better option than a real device, since it can provide more than one Android container at the same time on the same device. The implementation results show native analysis running on multiple runtimes and on different Android versions. Because a full Android environment is too heavy for a lightweight sandbox like the Java virtual machine, we have stripped most of the components and provide only those related to analysis work. The results of our experiment show that the stripped Android container has a significant performance improvement compared with other solutions.


Published In

ICMLSC '18: Proceedings of the 2nd International Conference on Machine Learning and Soft Computing
February 2018
198 pages
ISBN: 9781450363365
DOI: 10.1145/3184066

Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

1. android container
2. javaVM on ART
3. native analysis environment

Qualifiers

• Research-article

Conference

ICMLSC 2018
