Abstract |
---|
Dynamic analysis of Android malware suffers from techniques that identify the analysis environment and prevent the malicious behavior from being observed. While there are many analysis solutions that can thwart evasive malware on Windows, the application of similar techniques for Android has not been studied in depth. In this paper, we present Lumus, a novel technique to uncover evasive malware on Android. Lumus compares the execution traces of malware on bare metal and emulated environments. We used Lumus to analyze 1,470 Android malware samples and were able to uncover 192 evasive samples. Comparing our approach with other solutions yields better results in terms of accuracy and false positives. We discuss which information is typically used by evasive malware for detecting emulated environments, and conclude on how analysis sandboxes can be strengthened in the future. |

Year | DOI | Venue |
---|---|---|
2018 | 10.1007/978-3-319-99136-8_3 | INFORMATION SECURITY (ISC 2018) |

Field | DocType | Volume |
---|---|---|
Android (operating system), Computer security, Computer science, Android malware, Malware, False positive paradox | Conference | 11060 |

ISSN | Citations | PageRank |
---|---|---|
0302-9743 | 0 | 0.34 |

References | Authors |
---|---|
23 | 6 |

Name | Order | Citations | PageRank |
---|---|---|---|
Vitor Monte Afonso | 1 | 71 | 4.66 |
Anatoli Kalysch | 2 | 4 | 1.45 |
Tilo Müller | 3 | 297 | 25.41 |
Daniela A. S. de Oliveira | 4 | 34 | 5.11 |
André Ricardo Abed Grégio | 5 | 66 | 9.51 |
Paulo Lício de Geus | 6 | 83 | 13.37 |