Abstract
Ten years ago, Google released the first version of its new operating system: Android. With an open market for third-party applications, attackers started to develop malicious applications. Researchers started new work too. Inspired by previous techniques for Windows or GNU/Linux malware, many papers introduced new ways of detecting, classifying, and defeating Android malware. In this paper, we propose to explore the technical difficulties of experimenting with Android malware. Researchers encounter these difficulties each time they want to publish a solid experiment validating their approach. How should malware samples be chosen? How can a large amount of malware be processed? What happens if the experiment needs to execute a sample dynamically? The end of the paper presents the upcoming scientific challenges for the community interested in malware analysis.
This work has received French government support granted to the COMIN Labs excellence laboratory and managed by the National Research Agency in the “Investing for the Future” program under reference ANR-10-LABX-07-01.
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Lalande, JF. (2019). Android Malware Analysis: From Technical Difficulties to Scientific Challenges. In: Lanet, JL., Toma, C. (eds) Innovative Security Solutions for Information Technology and Communications. SECITC 2018. Lecture Notes in Computer Science, vol 11359. Springer, Cham. https://doi.org/10.1007/978-3-030-12942-2_2
DOI: https://doi.org/10.1007/978-3-030-12942-2_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-12941-5
Online ISBN: 978-3-030-12942-2
eBook Packages: Computer Science, Computer Science (R0)