Implementing a hybrid Android sandbox for malware analysis

Mert Can Coskuner; Murat İskefiyeli

doi:10.29130/dubited.1239779

Implementing a hybrid Android sandbox for malware analysis

Abstract

Mobil telefon endüstrisi son yılların en hızlı gelişen endüstrilerinden biri olmuştur. Bu gelişmeler ışığında Android işletim sisteminin akıllı telefonlar içerisinde büyük bir payda elde etmesinin bir yan etkisi olarak Android işletim sistemi zararlı yazılım geliştiricilerinin de ilgini çekmeye başlamıştır. Artan zararlı Android uygulamalarının gerçekten zararlı olup olmadığına karar vermek için zararlı yazılım analistlerinin tipik olarak başvurduğu kum havuzları Android işletim sistemi için yetersiz kalmaktadır. Bu bağlamda yapılan akademik çalışmalar ve ortaya çıkan prototipler erişilebilirlik ve analiz yapabilme kapasitesi olarak yetersiz kalmıştır. Bu makalede Android zararlı yazılım analizi için hibrit analiz yapabilecek bir kum havuzu önerilmiş ve zararlı yazılımların tespiti için kullanılan kum havuzlarının Android zararlı yazılımlar yönünden incelemesi yapılmıştır. Çalışma sonucunda hibrit analiz yeteneklerine sahip bir android kum havuzu geliştirilmiştir.

Keywords

References

[1] T. Bläsing, L. Batyuk, A. -D. Schmidt, S. A. Camtepe and S. Albayrak, "An Android Application Sandbox system for suspicious software detection," 2010 5th International Conference on Malicious and Unwanted Software, Nancy, France, 2010, pp. 55-62, doi: 10.1109/MALWARE.2010.5665792.
[2] Reina, Alessandro, Aristide Fattori and Lorenzo Cavallaro, “A System Call-Centric Analysis and Stimulation Technique to Automatically Reconstruct Android Malware Behaviors.”, 2013.
[3] Spreitzenbarth, Michael, Felix C. Freiling, Florian Echtler, Thomas Schreck and Johannes Hoffmann, “Mobile-sandbox: having a deeper look into android applications.”, ACM Symposium on Applied Computing, 2013.
[4] Enck, William & Gilbert, Peter & Chun, Byung-Gon & Cox, Landon & Jung, Jaeyeon & McDaniel, Patrick & Sheth, Anmol, TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones, Communications of the ACM, 2010, pp. 57, doi: 10.1145/2494522.
[5] IDC, “Android and iOS Continue to Dominate the Worldwide Smartphone Market with Android Shipments Just Shy of 800 Million in 2013,” http://www.idc.com/getdoc.jsp?containerId=prUS24676414 (2023.07.09).
[6] V. Svajcer, “Sophos Mobile Security Threat Report,” http://www.sophos.com/en-us/medialibrary/PDFs/other/sophos-mobile-security-threat-report.ashx (2023.07.09).
[7] H. Lockheimer, “Android and Security,” http://googlemobile.blogspot.com/2012/02/Android-and-security.html (2023.07.09).
[8] Lookout, Pegasus for Android (April 2017).

[9] Google, An investigation of chrysaor malware on Android (2023.07.09).
[10] D. Maslennikov, “First SMS Trojan for Android,” https://www.securelist.com/en/blog/2254/First SMS Trojan for Android, August 2010.
[11] Burguera, Iker & Zurutuza, Urko & Nadjm-Tehrani, Simin, Crowdroid: Behavior-Based Malware Detection System for Android, SPSM '11, 2011, pp. 15-26, doi: 10.1145/2046614.2046619.
[12] Grace, Michael & Zhou, Wu & Jiang, Xuxian & Sadeghi, Ahmad-Reza, Unsafe Exposure Analysis of Mobile In-App Advertisements ABSTRACT, WiSec'12 - Proceedings of the 5th ACM Conference on Security and Privacy in Wireless and Mobile Networks, 2012, doi: 10.1145/2185448.2185464.
[13] Zhou, Yajin & Wang, Zhi & Zhou, Wu & Jiang, Xuxian, Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets, Proceedings of the 19th Network and Distributed System Security Symposium NDSS 2012, 2012.
[14] CheckPoint, Charger malware calls and raises the risk on google play (2023.07.09).
[15] Zhou, Wu, Yajin Zhou, Xuxian Jiang and Peng Ning, “Detecting repackaged smartphone applications in third-party android marketplaces.”, Conference on Data and Application Security and Privacy, 2012.
[16] Gilbert, Peter & Chun, Byung-Gon & Cox, Landon & Jung, Jaeyeon, Vision: Automated security validation of mobile apps at app markets, Proceedings of the Second International Workshop on Mobile Cloud Computing and Services, 2011, doi: 10.1145/1999732.1999740.
[17] “Koodous”, https://koodous.com (2023.07.09).
[18] “VirusTotal”, https://virustotal.com (2023.07.09).
[19] D. Shi, X. Tang and Z. Ye, "Detecting environment-sensitive malware based on taint analysis," 2017 8th IEEE International Conference on Software Engineering and Service Science (ICSESS), Beijing, China, 2017, pp. 322-327, doi: 10.1109/ICSESS.2017.8342924.
[20] “Androguard”, https://github.com/androguard/androguard (2023.07.09).
[21] Maggi, Federico, Andrea Valdi and Stefano Zanero, “AndroTotal: a flexible, scalable toolbox and service for testing mobile malware detectors.”, Security and Privacy in Smartphones and Mobile Devices, 2013.
[22] Kapratwar, Ankita & Di Troia, Fabio & Stamp, Mark, Static and Dynamic Analysis of Android Malware, 2017, pp. 653-662, doi: 10.5220/0006256706530662.
[23] Bayer, Ulrich & Kruegel, Christopher & Kirda, Engin, TTAnalyze: A Tool for Analyzing Malware, 2006.
[24] Xu Chen, J. Andersen, Z. M. Mao, M. Bailey and J. Nazario, "Towards an understanding of anti-virtualization and anti-debugging behavior in modern malware," 2008 IEEE International Conference on Dependable Systems and Networks With FTCS and DCC (DSN), Anchorage, AK, USA, 2008, pp. 177-186, doi: 10.1109/DSN.2008.4630086.
[25] Kwong, Lok & Yin, Heng, DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android Malware Analysis, 2012, Proceedings of the 21st USENIX Security Symposium.

Details

Primary Language

Turkish

Subjects

Engineering

Journal Section

Research Article

Authors

Mert Can Coskuner ^*
0000-0002-3223-6881
Türkiye

Murat İskefiyeli
0000-0002-8210-5070
Türkiye

Publication Date

April 29, 2024

Submission Date

January 21, 2023

Acceptance Date

July 17, 2023

Published in Issue

Year 2024 Volume: 12 Number: 2

DOI

https://doi.org/10.29130/dubited.1239779

IZ

https://izlik.org/JA38CN87MK

Cite

RIS / Bibtex

APA

Coskuner, M. C., & İskefiyeli, M. (2024). Implementing a hybrid Android sandbox for malware analysis. Duzce University Journal of Science and Technology, 12(2), 1114-1125. https://doi.org/10.29130/dubited.1239779

AMA

1.Coskuner MC, İskefiyeli M. Implementing a hybrid Android sandbox for malware analysis. DUBİTED. 2024;12(2):1114-1125. doi:10.29130/dubited.1239779

Chicago

Coskuner, Mert Can, and Murat İskefiyeli. 2024. “Implementing a Hybrid Android Sandbox for Malware Analysis”. Duzce University Journal of Science and Technology 12 (2): 1114-25. https://doi.org/10.29130/dubited.1239779.

EndNote

Coskuner MC, İskefiyeli M (April 1, 2024) Implementing a hybrid Android sandbox for malware analysis. Duzce University Journal of Science and Technology 12 2 1114–1125.

IEEE

[1]M. C. Coskuner and M. İskefiyeli, “Implementing a hybrid Android sandbox for malware analysis”, DUBİTED, vol. 12, no. 2, pp. 1114–1125, Apr. 2024, doi: 10.29130/dubited.1239779.

ISNAD

Coskuner, Mert Can - İskefiyeli, Murat. “Implementing a Hybrid Android Sandbox for Malware Analysis”. Duzce University Journal of Science and Technology 12/2 (April 1, 2024): 1114-1125. https://doi.org/10.29130/dubited.1239779.

JAMA

1.Coskuner MC, İskefiyeli M. Implementing a hybrid Android sandbox for malware analysis. DUBİTED. 2024;12:1114–1125.

MLA

Coskuner, Mert Can, and Murat İskefiyeli. “Implementing a Hybrid Android Sandbox for Malware Analysis”. Duzce University Journal of Science and Technology, vol. 12, no. 2, Apr. 2024, pp. 1114-25, doi:10.29130/dubited.1239779.

Vancouver

1.Mert Can Coskuner, Murat İskefiyeli. Implementing a hybrid Android sandbox for malware analysis. DUBİTED. 2024 Apr. 1;12(2):1114-25. doi:10.29130/dubited.1239779