InviSeal: A Stealthy Dynamic Analysis Framework for Android Systems

With wide adaptation of open-source Android into mobile devices by different device vendors, sophisticated malware are developed to exploit security vulnerabilities. As comprehensive analysis on physical impractical and costly, emulator-driven has gained popularity in recent times. Existing dynamic frameworks suffer from two major issues: (i) they do not provide foolproof anti-emulation-detection measures even for fingerprint-based attacks, (ii) lack efficient cross-layer profiling capabilities. In this work, we present InviSeal, a scalable framework that includes low-overhead techniques detailed along with the basic emulation features. While providing an emulator-based platform, InviSeal strives remain behind-the-scene avoid emulation-detection. We empirically demonstrate proposed OS layer utility achieve is ∼1.26× faster than existing strace -based approaches. Overall, average, incurs ∼1.04× overhead terms number operations performed various workloads CaffeineMark-3.0 benchmark, which better contemporary techniques. Furthermore, measure strategies against emulation-detection attacks. Experimental results show attacks carried out samples find as emulated platform.