Afonso V, Kalysch A, Müller T, Oliveira D, Grégio A, De Geus PL (2018)
Publication Language: English
Publication Type: Conference contribution, Conference Contribution
Publication year: 2018
Publisher: Springer
City/Town: Guildford, UK
Pages Range: 47-66
Conference Proceedings Title: Information Security - 21th International Conference
Event location: Guildford, UK
ISBN: 978-3-319-99136-8
URI: https://link.springer.com/chapter/10.1007/978-3-319-99136-8_3
DOI: 10.1007/978-3-319-99136-8_3
Dynamic analysis of Android malware suffers from techniques that identify the analysis environment and prevent the malicious behavior from being observed. While there are many analysis solutions that can thwart evasive malware on Windows, the application of similar techniques for Android has not been studied in-depth. In this paper, we present Lumus, a novel technique to uncover evasive malware on Android. Lumus compares the execution traces of malware on bare metal and emulated environments. We used Lumus to analyze 1,470 Android malware samples and were able to uncover 192 evasive samples. Comparing our approach with other solutions yields better results in terms of accuracy and false positives. We discuss which information are typically used by evasive malware for detecting emulated environments, and conclude on how analysis sandboxes can be strengthened in the future.
APA:
Afonso, V., Kalysch, A., Müller, T., Oliveira, D., Grégio, A., & De Geus, P.L. (2018). Lumus: Dynamically Uncovering Evasive Android Applications. In Liqun Chen, Mark Manulis, Steve Schneider (Eds.), Information Security - 21th International Conference (pp. 47-66). Guildford, UK: Guildford, UK: Springer.
MLA:
Afonso, Vitor, et al. "Lumus: Dynamically Uncovering Evasive Android Applications." Proceedings of the ISC 2018, Guildford, UK Ed. Liqun Chen, Mark Manulis, Steve Schneider, Guildford, UK: Springer, 2018. 47-66.
BibTeX: Download