Implementing a hybrid Android sandbox for malware analysis

Mert Can Coskuner; Murat İskefiyeli

doi:10.29130/dubited.1239779

Araştırma Makalesi

Implementing a hybrid Android sandbox for malware analysis

Yıl 2024, Cilt: 12 Sayı: 2, 1114 - 1125, 29.04.2024

Mert Can Coskuner Murat İskefiyeli

https://doi.org/10.29130/dubited.1239779

Öz

Mobil telefon endüstrisi son yılların en hızlı gelişen endüstrilerinden biri olmuştur. Bu gelişmeler ışığında Android işletim sisteminin akıllı telefonlar içerisinde büyük bir payda elde etmesinin bir yan etkisi olarak Android işletim sistemi zararlı yazılım geliştiricilerinin de ilgini çekmeye başlamıştır. Artan zararlı Android uygulamalarının gerçekten zararlı olup olmadığına karar vermek için zararlı yazılım analistlerinin tipik olarak başvurduğu kum havuzları Android işletim sistemi için yetersiz kalmaktadır. Bu bağlamda yapılan akademik çalışmalar ve ortaya çıkan prototipler erişilebilirlik ve analiz yapabilme kapasitesi olarak yetersiz kalmıştır. Bu makalede Android zararlı yazılım analizi için hibrit analiz yapabilecek bir kum havuzu önerilmiş ve zararlı yazılımların tespiti için kullanılan kum havuzlarının Android zararlı yazılımlar yönünden incelemesi yapılmıştır. Çalışma sonucunda hibrit analiz yeteneklerine sahip bir android kum havuzu geliştirilmiştir.

Anahtar Kelimeler

android, zararlı yazılım, kum havuzu

Kaynakça

[1] T. Bläsing, L. Batyuk, A. -D. Schmidt, S. A. Camtepe and S. Albayrak, "An Android Application Sandbox system for suspicious software detection," 2010 5th International Conference on Malicious and Unwanted Software, Nancy, France, 2010, pp. 55-62, doi: 10.1109/MALWARE.2010.5665792.
[2] Reina, Alessandro, Aristide Fattori and Lorenzo Cavallaro, “A System Call-Centric Analysis and Stimulation Technique to Automatically Reconstruct Android Malware Behaviors.”, 2013.
[3] Spreitzenbarth, Michael, Felix C. Freiling, Florian Echtler, Thomas Schreck and Johannes Hoffmann, “Mobile-sandbox: having a deeper look into android applications.”, ACM Symposium on Applied Computing, 2013.
[4] Enck, William & Gilbert, Peter & Chun, Byung-Gon & Cox, Landon & Jung, Jaeyeon & McDaniel, Patrick & Sheth, Anmol, TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones, Communications of the ACM, 2010, pp. 57, doi: 10.1145/2494522.
[5] IDC, “Android and iOS Continue to Dominate the Worldwide Smartphone Market with Android Shipments Just Shy of 800 Million in 2013,” http://www.idc.com/getdoc.jsp?containerId=prUS24676414 (2023.07.09).
[6] V. Svajcer, “Sophos Mobile Security Threat Report,” http://www.sophos.com/en-us/medialibrary/PDFs/other/sophos-mobile-security-threat-report.ashx (2023.07.09).
[7] H. Lockheimer, “Android and Security,” http://googlemobile.blogspot.com/2012/02/Android-and-security.html (2023.07.09).
[8] Lookout, Pegasus for Android (April 2017).
[9] Google, An investigation of chrysaor malware on Android (2023.07.09).
[10] D. Maslennikov, “First SMS Trojan for Android,” https://www.securelist.com/en/blog/2254/First SMS Trojan for Android, August 2010.
[11] Burguera, Iker & Zurutuza, Urko & Nadjm-Tehrani, Simin, Crowdroid: Behavior-Based Malware Detection System for Android, SPSM '11, 2011, pp. 15-26, doi: 10.1145/2046614.2046619.
[12] Grace, Michael & Zhou, Wu & Jiang, Xuxian & Sadeghi, Ahmad-Reza, Unsafe Exposure Analysis of Mobile In-App Advertisements ABSTRACT, WiSec'12 - Proceedings of the 5th ACM Conference on Security and Privacy in Wireless and Mobile Networks, 2012, doi: 10.1145/2185448.2185464.
[13] Zhou, Yajin & Wang, Zhi & Zhou, Wu & Jiang, Xuxian, Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets, Proceedings of the 19th Network and Distributed System Security Symposium NDSS 2012, 2012.
[14] CheckPoint, Charger malware calls and raises the risk on google play (2023.07.09).
[15] Zhou, Wu, Yajin Zhou, Xuxian Jiang and Peng Ning, “Detecting repackaged smartphone applications in third-party android marketplaces.”, Conference on Data and Application Security and Privacy, 2012.
[16] Gilbert, Peter & Chun, Byung-Gon & Cox, Landon & Jung, Jaeyeon, Vision: Automated security validation of mobile apps at app markets, Proceedings of the Second International Workshop on Mobile Cloud Computing and Services, 2011, doi: 10.1145/1999732.1999740.
[17] “Koodous”, https://koodous.com (2023.07.09).
[18] “VirusTotal”, https://virustotal.com (2023.07.09).
[19] D. Shi, X. Tang and Z. Ye, "Detecting environment-sensitive malware based on taint analysis," 2017 8th IEEE International Conference on Software Engineering and Service Science (ICSESS), Beijing, China, 2017, pp. 322-327, doi: 10.1109/ICSESS.2017.8342924.
[20] “Androguard”, https://github.com/androguard/androguard (2023.07.09).
[21] Maggi, Federico, Andrea Valdi and Stefano Zanero, “AndroTotal: a flexible, scalable toolbox and service for testing mobile malware detectors.”, Security and Privacy in Smartphones and Mobile Devices, 2013.
[22] Kapratwar, Ankita & Di Troia, Fabio & Stamp, Mark, Static and Dynamic Analysis of Android Malware, 2017, pp. 653-662, doi: 10.5220/0006256706530662.
[23] Bayer, Ulrich & Kruegel, Christopher & Kirda, Engin, TTAnalyze: A Tool for Analyzing Malware, 2006.
[24] Xu Chen, J. Andersen, Z. M. Mao, M. Bailey and J. Nazario, "Towards an understanding of anti-virtualization and anti-debugging behavior in modern malware," 2008 IEEE International Conference on Dependable Systems and Networks With FTCS and DCC (DSN), Anchorage, AK, USA, 2008, pp. 177-186, doi: 10.1109/DSN.2008.4630086.
[25] Kwong, Lok & Yin, Heng, DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android Malware Analysis, 2012, Proceedings of the 21st USENIX Security Symposium.

Toplam 25 adet kaynakça vardır.

Ayrıntılar

Birincil Dil	Türkçe
Konular	Mühendislik
Bölüm	Makaleler
Yazarlar	Mert Can Coskuner 0000-0002-3223-6881 Murat İskefiyeli 0000-0002-8210-5070
Yayımlanma Tarihi	29 Nisan 2024
Yayımlandığı Sayı	Yıl 2024 Cilt: 12 Sayı: 2

Kaynak Göster

APA	Coskuner, M. C., & İskefiyeli, M. (2024). Implementing a hybrid Android sandbox for malware analysis. Düzce Üniversitesi Bilim Ve Teknoloji Dergisi, 12(2), 1114-1125. https://doi.org/10.29130/dubited.1239779
AMA	Coskuner MC, İskefiyeli M. Implementing a hybrid Android sandbox for malware analysis. DÜBİTED. Nisan 2024;12(2):1114-1125. doi:10.29130/dubited.1239779
Chicago	Coskuner, Mert Can, ve Murat İskefiyeli. “Implementing a Hybrid Android Sandbox for Malware Analysis”. Düzce Üniversitesi Bilim Ve Teknoloji Dergisi 12, sy. 2 (Nisan 2024): 1114-25. https://doi.org/10.29130/dubited.1239779.
EndNote	Coskuner MC, İskefiyeli M (01 Nisan 2024) Implementing a hybrid Android sandbox for malware analysis. Düzce Üniversitesi Bilim ve Teknoloji Dergisi 12 2 1114–1125.
IEEE	M. C. Coskuner ve M. İskefiyeli, “Implementing a hybrid Android sandbox for malware analysis”, DÜBİTED, c. 12, sy. 2, ss. 1114–1125, 2024, doi: 10.29130/dubited.1239779.
ISNAD	Coskuner, Mert Can - İskefiyeli, Murat. “Implementing a Hybrid Android Sandbox for Malware Analysis”. Düzce Üniversitesi Bilim ve Teknoloji Dergisi 12/2 (Nisan 2024), 1114-1125. https://doi.org/10.29130/dubited.1239779.
JAMA	Coskuner MC, İskefiyeli M. Implementing a hybrid Android sandbox for malware analysis. DÜBİTED. 2024;12:1114–1125.
MLA	Coskuner, Mert Can ve Murat İskefiyeli. “Implementing a Hybrid Android Sandbox for Malware Analysis”. Düzce Üniversitesi Bilim Ve Teknoloji Dergisi, c. 12, sy. 2, 2024, ss. 1114-25, doi:10.29130/dubited.1239779.
Vancouver	Coskuner MC, İskefiyeli M. Implementing a hybrid Android sandbox for malware analysis. DÜBİTED. 2024;12(2):1114-25.

Kapak Resmi İndir

Makale Dosyaları

Tam Metin