Research Article

Implementing a hybrid Android sandbox for malware analysis

Year 2024, Volume: 12 Issue: 2, 1114 - 1125, 29.04.2024
https://doi.org/10.29130/dubited.1239779

Abstract

The mobile phone industry has been one of the fastest-growing industries of recent years. In light of these developments, a side effect of the Android operating system gaining a large share of the smartphone market is that Android has also begun to attract the attention of malware developers. The sandboxes that malware analysts typically rely on to decide whether the growing number of malicious Android applications are actually harmful fall short for the Android operating system. The academic studies carried out and the prototypes that have emerged in this context have been inadequate in terms of accessibility and analysis capability. In this article, a sandbox capable of hybrid analysis for Android malware is proposed, and the sandboxes used for malware detection are examined from the perspective of Android malware. As a result of the study, an Android sandbox with hybrid analysis capabilities has been developed.

Details

Primary Language Turkish
Subjects Engineering
Journal Section Articles
Authors

Mert Can Coskuner 0000-0002-3223-6881

Murat İskefiyeli 0000-0002-8210-5070

Publication Date April 29, 2024
Published in Issue Year 2024 Volume: 12 Issue: 2

Cite

APA Coskuner, M. C., & İskefiyeli, M. (2024). Implementing a hybrid Android sandbox for malware analysis. Düzce Üniversitesi Bilim Ve Teknoloji Dergisi, 12(2), 1114-1125. https://doi.org/10.29130/dubited.1239779
AMA Coskuner MC, İskefiyeli M. Implementing a hybrid Android sandbox for malware analysis. DUBİTED. April 2024;12(2):1114-1125. doi:10.29130/dubited.1239779
Chicago Coskuner, Mert Can, and Murat İskefiyeli. “Implementing a Hybrid Android Sandbox for Malware Analysis”. Düzce Üniversitesi Bilim Ve Teknoloji Dergisi 12, no. 2 (April 2024): 1114-25. https://doi.org/10.29130/dubited.1239779.
EndNote Coskuner MC, İskefiyeli M (April 1, 2024) Implementing a hybrid Android sandbox for malware analysis. Düzce Üniversitesi Bilim ve Teknoloji Dergisi 12 2 1114–1125.
IEEE M. C. Coskuner and M. İskefiyeli, “Implementing a hybrid Android sandbox for malware analysis”, DUBİTED, vol. 12, no. 2, pp. 1114–1125, 2024, doi: 10.29130/dubited.1239779.
ISNAD Coskuner, Mert Can - İskefiyeli, Murat. “Implementing a Hybrid Android Sandbox for Malware Analysis”. Düzce Üniversitesi Bilim ve Teknoloji Dergisi 12/2 (April 2024), 1114-1125. https://doi.org/10.29130/dubited.1239779.
JAMA Coskuner MC, İskefiyeli M. Implementing a hybrid Android sandbox for malware analysis. DUBİTED. 2024;12:1114–1125.
MLA Coskuner, Mert Can and Murat İskefiyeli. “Implementing a Hybrid Android Sandbox for Malware Analysis”. Düzce Üniversitesi Bilim Ve Teknoloji Dergisi, vol. 12, no. 2, 2024, pp. 1114-25, doi:10.29130/dubited.1239779.
Vancouver Coskuner MC, İskefiyeli M. Implementing a hybrid Android sandbox for malware analysis. DUBİTED. 2024;12(2):1114-25.