ARTDroid: A Virtual-Method Hooking Framework on Android ART Runtime
Authors
Abstract
Various static and dynamic analysis techniques have been developed to detect and analyze Android malware. Some advanced Android malware can use Java reflection and JNI mechanisms to conceal its malicious behavior from static analysis. Furthermore, for dynamic analysis, emulator detection and integrity self-checking are used by Android malware to bypass all recent Android sandboxes. In this paper, we propose ARTDroid, a framework for hooking virtual-method calls that supports the latest Android runtime (ART). A virtual method is called by the ART runtime using a dispatch table (vtable). ARTDroid can tamper with the vtable without any modifications to either the Android framework or the app's code. The ARTDroid hooking framework can be used to build an efficient sandbox on real devices and monitor sensitive methods called via both Java reflection and JNI.
Similar resources
Things You May Not Know About Android (Un)Packers: A Systematic Study based on Whole-System Emulation
The prevalent usage of runtime packers has complicated Android malware analysis, as both legitimate and malicious apps are leveraging packing mechanisms to protect themselves against reverse engineering. Although recent efforts have been made to analyze particular packing techniques, little has been done to study the unique characteristics of Android packers. In this paper, we report the first sys...
Automated Memory Leakage Detection in Android Based Systems
Since open platforms such as Android vary in device manufacturers and application developers, modifications in software happen in multiple layers. Therefore, every layer including OS, library, framework and application may have defects within. Especially, a memory leakage which increases memory usage and diminishes overall system performance is the key issue in embedded systems with highly limi...
Sensor Guardian: prevent privacy inference on Android sensors
Privacy inference attacks based on sensor data are an emerging and severe threat on smart devices, in which malicious applications leverage data from innocuous sensors to infer sensitive information of the user, e.g., utilizing accelerometers to infer user’s keystroke. In this paper, we present Sensor Guardian, a privacy protection system that mitigates this threat on Android by hooking and controll...
Extended Code Coverage for AspectJ-Based Runtime Verification Tools
Many runtime verification tools for the Java virtual machine rely on aspect-oriented programming, particularly on AspectJ, to weave the verification logic into the observed program. However, AspectJ imposes several limitations on the verification tools, such as a restricted join point model and the inability of weaving certain classes, particularly the Java and Android class libraries. In this ...
An Android Application Protection Scheme against Dynamic Reverse Engineering Attacks
Reverse engineering of Android applications is easy because the applications are written in the high level but simple bytecode language. Due to malicious reverse engineering attacks, many Android applications are tampered and repackaged into malicious applications. To protect Android applications from reverse engineering, many research studies have proposed and developed anti-reverse engineerin...
Publication date: 2016