Glassbox: Dynamic Analysis Platform for Malware Android Applications on Real Devices

Paul Irolla; Eric Filiol

doi:10.5220/0006094006100621

Glassbox: Dynamic Analysis Platform for Malware Android Applications on Real Devices

Paul Irolla, Eric Filiol

2017

Abstract

Android is the most widely used smartphone OS with 82.8% market share in 2015 (IDC, 2015). It is therefore the most widely targeted system by malware authors. Researchers rely on dynamic analysis to extract malware behaviors and often use emulators to do so. However, using emulators lead to new issues. Malware may detect emulation and as a result it does not execute the payload to prevent the analysis. Dealing with virtual device evasion is a never-ending war and comes with a non-negligible computation cost (Lindorfer et al., 2014). To overcome this state of affairs, we propose a system that does not use virtual devices for analysing malware behavior. Glassbox is a functional prototype for the dynamic analysis of malware applications. It executes applications on real devices in a monitored and controlled environment. It is a fully automated system that installs, tests and extracts features from the application for further analysis. We present the architecture of the platform and we compare it with existing Android dynamic analysis platforms. Lastly, we evaluate the capacity of Glassbox to trigger application behaviors by measuring the average coverage of basic blocks on the AndroCoverage dataset (AndroCoverage, 2016). We show that it executes on average 13.52% more basic blocks than the Monkey program.

Download

Paper Citation

in Harvard Style

Irolla P. and Filiol E. (2017). Glassbox: Dynamic Analysis Platform for Malware Android Applications on Real Devices . In Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ForSE, (ICISSP 2017) ISBN 978-989-758-209-7, pages 610-621. DOI: 10.5220/0006094006100621

in Bibtex Style

@conference{forse17,
author={Paul Irolla and Eric Filiol},
title={Glassbox: Dynamic Analysis Platform for Malware Android Applications on Real Devices},
booktitle={Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ForSE, (ICISSP 2017)},
year={2017},
pages={610-621},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006094006100621},
isbn={978-989-758-209-7},
}

in EndNote Style

TY - CONF
JO - Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ForSE, (ICISSP 2017)
TI - Glassbox: Dynamic Analysis Platform for Malware Android Applications on Real Devices
SN - 978-989-758-209-7
AU - Irolla P.
AU - Filiol E.
PY - 2017
SP - 610
EP - 621
DO - 10.5220/0006094006100621