Implementing a hybrid Android sandbox for malware analysis
Year 2024, 1114-1125, 29.04.2024
Mert Can Coskuner, Murat İskefiyeli
Abstract
The mobile phone industry has been one of the fastest-growing industries of recent years. In light of these developments, as a side effect of the Android operating system gaining a large share of the smartphone market, the Android operating system has also begun to attract the attention of malware developers. The sandboxes that malware analysts typically rely on to decide whether the growing number of malicious Android applications are actually malicious fall short for the Android operating system. Academic studies carried out in this context and the prototypes they produced have been inadequate in terms of accessibility and analysis capability. In this paper, a sandbox capable of hybrid analysis for Android malware is proposed, and the sandboxes used for malware detection are examined from the perspective of Android malware. As a result of the study, an Android sandbox with hybrid analysis capabilities has been developed.