An Android Application Sandbox System for Suspicious Software Detection

Abstract

Smartphones are steadily gaining popularity, creating new application areas as their capabilities increase in terms of computational power, sensors and communication. Emerging new features of mobile devices give opportunity to new threats. Android is one of the newer operating systems targeting smartphones. While being based on a Linux kernel, Android has unique properties and specific limitations due to its mobile nature. This makes it harder to detect and react upon malware attacks if using conventional techniques. In this paper, we propose an Android Application Sandbox (AASandbox) which is able to perform both static and dynamic analysis on Android programs to automatically detect suspicious applications. Static analysis scans the software for malicious patterns without installing it. Dynamic analysis executes the application in a fully isolated environment, i.e. sandbox, which intervenes and logs low-level interactions with the system for further analysis. Both the sandbox and the detection algorithms can be deployed in the cloud, providing a fast and distributed detection of suspicious software in a mobile software store akin to Google's Android Market. Additionally, AASandbox might be used to improve the efficiency of classical anti-virus applications available for the Android operating system.

@INPROCEEDINGS{Anon1010:Android,
AUTHOR={Thomas {Bl{\"{a}}sing} and Aubrey-Derrick Schmidt and Leonid Batyuk and
Seyit A. Camtepe and Sahin Albayrak},
TITLE="An Android Application Sandbox System for Suspicious Software Detection",
BOOKTITLE="5th International Conference on Malicious and Unwanted Software (Malware
2010) (MALWARE'2010)",
ADDRESS="Nancy, France",
ISBN={ISBN 978-1-4244-9353-1},
KEYWORDS="sandbox, malware, smartphones, system calls, static analysis, dynamic
analysis",
ABSTRACT="Smartphones are steadily gaining popularity, creating new application areas
as their capabilities increase in terms of computational power, sensors and
communication. Emerging new features of mobile devices give opportunity to
new threats. Android is one of the newer operating systems targeting
smartphones. While being based on a Linux kernel, Android has unique
properties and specific limitations due to its mobile nature. This makes it
harder to detect and react upon malware attacks if using conventional
techniques.

In this paper, we propose an Android Application Sandbox (AASandbox) which
is able to perform both static and dynamic analysis on Android programs to
automatically detect suspicious applications. Static analysis scans the
software for malicious patterns without installing it. Dynamic analysis
executes the application in a fully isolated environment, i.e. sandbox,
which intervenes and logs low-level interactions with the system for
further analysis. Both the sandbox and the detection algorithms can be
deployed in the cloud, providing a fast and distributed detection of
suspicious software in a mobile software store akin to Google's Android
Market. Additionally, AASandbox might be used to improve the efficiency of
classical anti-virus applications available for the Android operating
system."
}
Authors:
Thomas Bläsing, Leonid Batyuk, Aubrey-Derrick Schmidt, Seyit Ahmet Camtepe, Sahin Albayrak
Category:
Conference paper
Year:
2010
Venue:
5th International Conference on Malicious and Unwanted Software (Malware 2010), Nancy, France