DroidHook: a novel API-hook based Android malware dynamic analysis sandbox

Abstract

With the popularity of Android devices, mobile apps are prevalent in daily life, which makes them a target for attackers who steal private data and push advertisements. Dynamic analysis is an effective way to observe the runtime behavior of Android malware and is far less affected by code obfuscation than static analysis. However, several dynamic sandboxes commonly used by researchers, including the state-of-the-art sandbox DroidBox, are built on emulators running old versions of Android. Such sandboxes are vulnerable to evasion attacks and may not be able to run the latest apps at all. In this paper we propose DroidHook, a prototype framework and novel automated sandbox for Android malware dynamic analysis. Unlike most existing tools, DroidHook has two notable advantages. First, the set of APIs monitored by DroidHook can be modified easily, so it suits diverse situations, including the detection of a specific malware family and of unknown malware. Second, DroidHook does not depend on a specific Android OS build but only on the Xposed framework, so it works across multiple Android versions and runs on both emulators and real devices. Experiments show that DroidHook provides more fine-grained and precise results than DroidBox. Moreover, because it supports real devices and new Android versions, DroidHook runs most samples properly and obtains stronger detection results than emulator-based tools.
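The abstract describes the mechanism but not the code. The following Xposed module is an added illustration of that API-hook approach, written for this page; it is not DroidHook's own implementation. It reads an editable list of method signatures, installs an Xposed hook on each one inside the sample's process, and logs arguments, return values and exceptions. The hook-list format, the file path `/data/local/tmp/hooks.txt`, the target package name `com.example.sample` and the default hook entries are all assumptions made for the example.

```java
// Added example (not DroidHook's code): an Xposed module that monitors a
// configurable set of Android APIs in one target app's process.
package com.example.apimonitor;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam;

public class ApiMonitor implements IXposedHookLoadPackage {

    // Assumed package of the sample under analysis (hooks go only into this process).
    private static final String TARGET_PACKAGE = "com.example.sample";

    // Assumed location of the editable hook list; one spec per line, in the form
    //   <class>#<method>(<paramType>,<paramType>,...)     ("<init>" hooks a constructor)
    // Lines starting with '#' are comments. Whether an app process may read this
    // path depends on the device's SELinux policy; adjust the path for real use.
    private static final String HOOK_LIST_PATH = "/data/local/tmp/hooks.txt";

    // Fallback list used when the file is absent (constructed for this example).
    private static final String[] DEFAULT_HOOKS = {
        "android.telephony.SmsManager#sendTextMessage(java.lang.String,java.lang.String,"
            + "java.lang.String,android.app.PendingIntent,android.app.PendingIntent)",
        "android.telephony.TelephonyManager#getDeviceId()",
        "dalvik.system.DexClassLoader#<init>(java.lang.String,java.lang.String,"
            + "java.lang.String,java.lang.ClassLoader)",
    };

    /** One parsed hook specification. */
    static final class HookSpec {
        final String className, methodName;
        final String[] paramTypes;
        HookSpec(String c, String m, String[] p) { className = c; methodName = m; paramTypes = p; }
        @Override public String toString() { return className + "#" + methodName + Arrays.toString(paramTypes); }
    }

    /** Parses "cls#method(t1,t2)" into a HookSpec; returns null for a malformed line. */
    static HookSpec parseSpec(String line) {
        int hash = line.indexOf('#'), open = line.indexOf('(', hash), close = line.lastIndexOf(')');
        if (hash < 0 || open < 0 || close < open) return null;
        String inner = line.substring(open + 1, close).trim();
        String[] params = inner.isEmpty() ? new String[0] : inner.split("\\s*,\\s*");
        return new HookSpec(line.substring(0, hash).trim(), line.substring(hash + 1, open).trim(), params);
    }

    /** Loads the hook list from the file, falling back to DEFAULT_HOOKS. */
    static List<HookSpec> loadSpecs() {
        List<String> lines = new ArrayList<>();
        File f = new File(HOOK_LIST_PATH);
        if (f.canRead()) {
            try (BufferedReader r = new BufferedReader(new FileReader(f))) {
                String line;
                while ((line = r.readLine()) != null) lines.add(line);
            } catch (IOException e) {
                lines.clear();
            }
        }
        if (lines.isEmpty()) lines.addAll(Arrays.asList(DEFAULT_HOOKS));
        List<HookSpec> specs = new ArrayList<>();
        for (String line : lines) {
            String t = line.trim();
            if (t.isEmpty() || t.startsWith("#")) continue;
            HookSpec s = parseSpec(t);
            if (s != null) specs.add(s);
        }
        return specs;
    }

    @Override
    public void handleLoadPackage(LoadPackageParam lpparam) {
        if (!TARGET_PACKAGE.equals(lpparam.packageName)) return; // stay out of other apps
        for (HookSpec spec : loadSpecs()) installHook(lpparam, spec);
    }

    private void installHook(LoadPackageParam lpparam, HookSpec spec) {
        // XposedHelpers accepts parameter types either as Class objects or as fully
        // qualified class-name strings, which it resolves through the app's class loader.
        Object[] args = new Object[spec.paramTypes.length + 1];
        System.arraycopy(spec.paramTypes, 0, args, 0, spec.paramTypes.length);
        args[spec.paramTypes.length] = new LoggingHook(lpparam.packageName, spec);
        try {
            if ("<init>".equals(spec.methodName)) {
                XposedHelpers.findAndHookConstructor(spec.className, lpparam.classLoader, args);
            } else {
                XposedHelpers.findAndHookMethod(spec.className, lpparam.classLoader, spec.methodName, args);
            }
        } catch (Throwable t) {
            // An API missing on this Android version must not abort the remaining hooks.
            XposedBridge.log("apimonitor: cannot hook " + spec + ": " + t);
        }
    }

    /** Logs one line per call after the original method returns or throws. */
    static final class LoggingHook extends XC_MethodHook {
        private final String pkg; private final HookSpec spec;
        LoggingHook(String pkg, HookSpec spec) { this.pkg = pkg; this.spec = spec; }

        @Override
        protected void afterHookedMethod(MethodHookParam param) {
            StringBuilder sb = new StringBuilder("apimonitor|").append(pkg).append('|')
                .append(spec.className).append('.').append(spec.methodName).append('|');
            for (int i = 0; i < param.args.length; i++) {
                if (i > 0) sb.append(',');
                sb.append(render(param.args[i]));
            }
            Throwable thrown = param.getThrowable();
            sb.append(thrown != null ? "|threw=" + thrown : "|ret=" + render(param.getResult()));
            XposedBridge.log(sb.toString());
        }

        // Keep log lines single-line and bounded; arguments may be large or multi-line.
        private static String render(Object o) {
            if (o == null) return "null";
            String s = String.valueOf(o).replace('\n', ' ');
            return s.length() > 200 ? s.substring(0, 200) + "..." : s;
        }
    }
}
```

To deploy, the module APK additionally needs the usual Xposed manifest meta-data (`xposedmodule`, `xposedminversion`, `xposeddescription`) and an `assets/xposed_init` file naming `com.example.apimonitor.ApiMonitor`; the monitored set is then changed by editing the text file, without rebuilding the module. Two caveats a practitioner should keep in mind: Xposed intercepts Java/ART method entry only, so behaviour performed in native code (JNI, direct syscalls) bypasses these hooks, and the presence of the Xposed framework itself is detectable by a sample, which is one of the evasion vectors the abstract alludes to.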

References

Aafer, Y., Du, W., Yin, H.: Droidapiminer: mining API-level features for robust malware detection in android. In: International Conference on Security and Privacy in Communication Systems. pp. 86–103. Springer, Cham (2013)

Alzaylaee, M.K., Yerima, S.Y., Sezer, S.: Dynalog: an automated dynamic analysis framework for characterizing android applications. In: 2016 International Conference on Cyber Security and Protection Of Digital Services (Cyber Security), IEEE, pp. 1–8 (2016)

Alzaylaee, M.K., Yerima, S.Y., Sezer, S.: Emulator vs real phone: android malware detection using machine learning. In: Proceedings of the 3rd ACM on International Workshop on Security and Privacy Analytics, pp. 65–72 (2017)

Arp, D., Spreitzenbarth, M., Hubner, M., et al.: Drebin: effective and explainable detection of android malware in your pocket. In: NDSS, pp. 23–26 (2014)

Arshad, S., Shah, M.A., Wahid, A., et al.: Samadroid: a novel 3-level hybrid malware detection model for android operating system. IEEE Access 6, 4321–4339 (2018)

AV-TEST: Malware statistics and trends report. https://www.av-test.org/en/statistics/malware/ (2020). Accessed 06 Oct 2020

Cai, H., Meng, N., Ryder, B., et al.: Droidcat: effective android malware detection and categorization via app-level profiling. IEEE Trans. Inf. Forensics Secur. 14(6), 1455–1470 (2019)

Chang, W.L., Sun, H.M., Wu, W.: An android behavior-based malware detection method using machine learning. In: 2016 IEEE International Conference on Signal Processing, Communications and Computing (ICSPCC), IEEE, pp. 1–4 (2016)

Chen, X., Li, C., Wang, D., et al.: Android HIV: a study of repackaging malware for evading machine-learning detection. IEEE Trans. Inf. Forensics Secur. 15, 987–1001 (2019)

Cho, H., Yi, J.H., Ahn, G.J.: Dexmonitor: dynamically analyzing and monitoring obfuscated android applications. IEEE Access 6, 71229–71240 (2018)

DroidBox: dynamic analysis of android apps. https://github.com/pjlantz/droidbox (2020). Accessed 07 Oct 2020

Enck, W., Gilbert, P., Han, S., et al.: Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans. Comput. Syst. (TOCS) 32(2), 1–29 (2014)

Fan, M., Liu, J., Wang, W., et al.: Dapasa: detecting android piggybacked apps through sensitive subgraph analysis. IEEE Trans. Inf. Forensics Secur. 12(8), 1772–1785 (2017)

Fan, M., Liu, J., Luo, X., et al.: Android malware familial classification and representative sample selection via frequent subgraph analysis. IEEE Trans. Inf. Forensics Secur. 13(8), 1890–1905 (2018)

Feng, P., Ma, J., Sun, C., et al.: A novel dynamic android malware detection system with ensemble learning. IEEE Access 6, 30996–31011 (2018)

Gajrani, J., Agarwal, U., Laxmi, V., et al.: Espydroid+: precise reflection analysis of android apps. Comput. Secur. 90, 101688 (2020)

Gao, H., Cheng, S., Zhang, W.: Gdroid: android malware detection and classification with graph convolutional network. Comput. Secur. 106, 102264 (2021)

Lindorfer, M., Neugschwandtner, M., Weichselbaum, L., et al.: Andrubis—1,000,000 apps later: a view on current android malware behaviors. In: 2014 Third International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS), pp. 3–17 (2014)

Martín, A., Lara-Cabrera, R., Camacho, D.: Android malware detection through hybrid features fusion and ensemble classifiers: the andropytool framework and the omnidroid dataset. Inform. Fusion 52, 128–142 (2019)

Nicheporuk, A., Savenko, O., Nicheporuk, A., et al.: An android malware detection method based on CNN mixed-data model. In: ICTERI Workshops, pp. 198–213 (2020)

Onwuzurike, L., Mariconti, E., Andriotis, P., et al.: Mamadroid: detecting android malware by building Markov chains of behavioral models (extended version). ACM Trans. Privacy Secur. (TOPS) 22(2), 1–34 (2019)

Peiravian, N., Zhu, X.: Machine learning for android malware detection using permission and API calls. In: 2013 IEEE 25th International Conference on Tools with Artificial Intelligence, IEEE, pp. 300–305 (2013)

Samhi, J., Gao, J., Daoudi, N., et al.: Jucify: a step towards android code unification for enhanced static analysis. In: Proceedings of the 44th International Conference on Software Engineering, pp. 1232–1244 (2022)

Sihag, V., Vardhan, M., Singh, P., et al.: De-lady: deep learning based android malware detection using dynamic features. J. Internet Serv. Inf. Secur. 11(2), 34–45 (2021)