Defining and detecting environment discrimination in Android apps
Document Type
Conference Proceeding
Publication Date
1-1-2018
Abstract
Environment discrimination—a program behaving differently on different platforms—is used in many contexts. For example, malware can use environment discrimination to thwart detection attempts: because malware detectors employ automated dynamic analysis while running the potentially malicious program in a virtualized environment, the malware author can make the program virtual-environment-aware so that the malware turns off its nefarious behavior when it is running in a virtualized environment. Therefore, an approach for detecting environment discrimination can help security researchers and practitioners better understand the behavior of, and consequently counter, malware. In this paper we formally define environment discrimination and propose an approach based on abstract traces and symbolic execution to detect discrimination in Android apps. Furthermore, our approach discovers which API calls expose environment information to malware, which is a valuable reference for virtualization developers to improve their products. We also apply our approach to real malware and to benchmark apps designed by third-party researchers. The results show that the algorithm and framework we propose achieve 97% accuracy.
Identifier
85045969514 (Scopus)
ISBN
9783319788128
Publication Title
Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering (LNICST)
External Full Text Location
https://doi.org/10.1007/978-3-319-78813-5_26
ISSN
18678211
First Page
510
Last Page
529
Volume
238
Grant
W911NF-13-2-0045
Fund Ref
Army Research Laboratory
Recommended Citation
Hong, Yunfeng; Hu, Yongjian; Lai, Chun Ming; Felix Wu, S.; Neamtiu, Iulian; McDaniel, Patrick; Yu, Paul; Cam, Hasan; and Ahn, Gail Joon, "Defining and detecting environment discrimination in Android apps" (2018). Faculty Publications. 9095.
https://digitalcommons.njit.edu/fac_pubs/9095
