A5: Automated Analysis of Adversarial Android Applications (CMU-CyLab-13-009) (Revised June 3, 2014)
Authors
Abstract
Mobile malware is growing – both in overall volume and in number of existing variants – at a pace rapid enough that systematic manual, human analysis is becoming increasingly difficult. As a result, there is a pressing need for techniques and tools that provide automated analysis of mobile malware samples. We present A5, an automated system to process Android malware. A5 is a hybrid system combining static and dynamic malware analysis techniques. Android’s architecture permits many different paths for malware to react to system events, any of which may result in malicious behavior. Key innovations in A5 consist in novel methods of interacting with mobile malware to better coerce malicious behavior, and in combining both virtual and physical pools of Android platforms to capture behavior that could otherwise be missed. The primary output of A5 is a set of network threat indicators and intrusion detection system signatures that can be used to detect and prevent malicious network activity. We detail A5’s distributed design and demonstrate applicability of our interaction techniques using examples from real malware. Additionally, we compare A5 with other automated systems and provide performance measurements of an implementation, using a published dataset of 1,260 unique malware samples, showing that A5 can quickly process large amounts of malware. We provide a public web interface to our implementation of A5 that allows third parties to use A5 as a web service.
Similar resources
Sweetening Android Lemon Markets: Measuring and Curbing Malware in Application Marketplaces (CMU-CyLab-11-012)
Application marketplaces are the main software distribution mechanism for modern mobile devices but are also emerging as a viable alternative to brick-and-mortar stores for personal computers. While most application marketplaces require applications to be cryptographically signed by their developers, in Android marketplaces, self-signed certificates are common, thereby offering very limited aut...
Privacy as Part of the App Decision-Making Process (CMU-CyLab-13-003)
Smartphones have unprecedented access to sensitive personal information. While users report having privacy concerns, they may not actively consider privacy while downloading apps from smartphone application marketplaces. Currently, Android users have only the Android permissions display, which appears after they have selected an app to download, to help them understand how applications access t...
Run-Time Enforcement of Information-Flow Properties on Android (CMU-CyLab-12-015)
Recent years have seen a dramatic increase in the number and importance in daily life of mobile devices. The security properties that these devices provide to their applications, however, are inadequate to protect against many undesired behaviors. A broad class of such behaviors is violations of simple information-flow properties. This paper proposes an enforcement system that ...
Automated Verification of Security Protocol Implementations (CMU-CyLab-08-002)
We present a method that combines software model checking with a standard protocol security model to provide meaningful security analysis of protocol implementations in a completely automated manner. Our approach incorporates a standard symbolic attacker model and provides analogous guarantees about protocol implementations as previous work does for protocol specifications. We have implemented ...