ForceDROID: Extracting Hidden Information in Android Apps by Forced Execution Technique

Malware analysis is important for Android security, but existing Android malware analysis approaches, static and dynamic alike, each have their own advantages and drawbacks. In this paper we combine the two and propose a forced execution technique for Android apps that automatically extracts hidden information such as encoded URLs, supporting the security evaluation of the apps. Our approach first uses static analysis to find execution paths that lead to critical functions. Then, by monitoring the control-flow conditions of the target app, the code on the selected paths is forcibly executed. During this process an exception-tolerant execution sandbox ensures that the selected execution flows actually reach the critical functions, so that the important parameters passed to those functions can be extracted with high probability. The main advantage of our approach is that the whole process is completely automatic and does not require complicated input contexts for the execution. We have implemented a prototype system, ForceDROID, and designed two evaluation scenarios, targeting network connections and shell commands, to assess the effectiveness of our approach.
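The two phases described above, as an added example that is not code from the paper or from ForceDROID: a toy forced-execution engine in Python over a constructed mini-IR (not Dalvik bytecode). The sample app, the simulated API stubs (`isEmulator`, `getDeviceId`), the sink name `openConnection`, and base64 as the URL encoding are all assumptions made for illustration. The static phase runs a BFS over the control-flow graph to the first critical call; the dynamic phase replays the program, overriding each branch that lies on the selected path and substituting a default value when a simulated API raises, so that execution still reaches the sink and its decoded URL argument can be captured.

```python
import base64
from collections import deque

# Constructed sample "app" in a tiny IR (assumption: this is NOT Dalvik bytecode).
# Branch targets are instruction indexes. Instruction 2 is an anti-analysis
# check that sends real emulators straight to "ret", and instruction 3 calls an
# API that has no working backend inside the sandbox.
SAMPLE_APP = [
    ("const", "enc", "aHR0cDovL2MyLmV4YW1wbGUuY29tL2dhdGU="),  # base64 of the C2 URL
    ("call", "emu", "isEmulator", []),
    ("jnz", "emu", 6),                              # bail out when analysed
    ("call", "imei", "getDeviceId", []),            # raises in the sandbox
    ("decode", "url", "enc"),
    ("sink", "openConnection", ["url", "imei"]),    # critical function
    ("ret",),
]

CRITICAL = {"openConnection", "exec"}  # assumed set of critical functions


def successors(prog, i):
    """Static CFG edges leaving instruction i."""
    op = prog[i][0]
    if op == "ret":
        return []
    if op == "jmp":
        return [prog[i][1]]
    if op in ("jz", "jnz"):
        return [i + 1, prog[i][2]]
    return [i + 1]


def find_path(prog, critical):
    """Static phase: BFS over the CFG for a path from entry to a critical call."""
    parent = {0: None}
    queue = deque([0])
    while queue:
        i = queue.popleft()
        ins = prog[i]
        if ins[0] == "sink" and ins[1] in critical:
            path = []
            while i is not None:
                path.append(i)
                i = parent[i]
            return path[::-1]
        for nxt in successors(prog, i):
            if nxt not in parent:
                parent[nxt] = i
                queue.append(nxt)
    return None


def sandbox_api(name):
    """Stand-in for the device runtime (hypothetical stubs): honest answers,
    services that are missing in the sandbox raise."""
    if name == "isEmulator":
        return 1  # the analysis box really is an emulator
    if name == "getDeviceId":
        raise RuntimeError("no telephony service")
    raise KeyError(name)


def force_execute(prog, path, api=sandbox_api):
    """Dynamic phase: run prog, overriding branch outcomes so execution follows
    `path`, and tolerate exceptions raised by unavailable APIs."""
    env, log = {}, []
    # desired successor for every instruction that lies on the selected path
    want = {path[k]: path[k + 1] for k in range(len(path) - 1)}
    pc = 0
    while True:
        ins, op = prog[pc], prog[pc][0]
        if op == "const":
            env[ins[1]] = ins[2]
            pc += 1
        elif op == "call":
            try:
                env[ins[1]] = api(ins[2])
            except Exception as exc:  # exception-tolerant: substitute a default
                env[ins[1]] = ""
                log.append(f"{pc}: {ins[2]} raised {exc!r}; continuing with ''")
            pc += 1
        elif op == "decode":
            env[ins[1]] = base64.b64decode(env[ins[2]]).decode()
            pc += 1
        elif op in ("jz", "jnz"):
            taken = (not env[ins[1]]) if op == "jz" else bool(env[ins[1]])
            natural = ins[2] if taken else pc + 1
            forced = want.get(pc, natural)  # follow the selected path if on it
            if forced != natural:
                log.append(f"{pc}: forced {op} {ins[1]} to {forced} (natural target {natural})")
            pc = forced
        elif op == "jmp":
            pc = ins[1]
        elif op == "sink":
            return {"function": ins[1], "args": {a: env.get(a) for a in ins[2]}, "log": log}
        elif op == "ret":
            return {"function": None, "args": {}, "log": log}
        else:
            raise ValueError(f"unknown op {op}")


def extract(prog=SAMPLE_APP, critical=CRITICAL):
    """Whole pipeline: static path search, then forced execution to the sink."""
    path = find_path(prog, critical)
    if path is None:
        return None
    return force_execute(prog, path)


if __name__ == "__main__":
    result = extract()
    print(result["function"], result["args"])
    for line in result["log"]:
        print(" ", line)
```

Running `force_execute(SAMPLE_APP, [])`, i.e. with no path to force, follows the natural branch at instruction 2 and ends at `ret` without ever reaching the sink; only the forced run decodes and captures the URL, while the telephony failure is logged rather than aborting the run.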
