Home // SECURWARE 2014, The Eighth International Conference on Emerging Security Information, Systems and Technologies // View article

AndroSAT: Security Analysis Tool for Android Applications

Authors:
Saurabh Oberoi
Weilong Song
Amr Youssef

Keywords: Android Security; Static Analysis; Dynamic Analysis

Abstract:
With about 1.5 million Android device activations per day and billions of application installation from Google Play, Android is becoming one of the most widely used operating systems for smartphones and tablets. In this paper, we present AndroSAT, a Security Analysis Tool for Android applications. The developed framework allows us to efficiently experiment with different security aspects of Android Apps through the integration of (i) a static analysis module that scans Android Apps for malicious patterns. The static analysis process involves several steps such as n-gram analysis of dex files, decompilation of the App, pattern search, and analysis of the AndroidManifest file; (ii) a dynamic analysis sandbox that executes Android Apps in a controlled virtual environment, which logs low-level interactions with the operating system. The effectiveness of the developed framework is confirmed by testing it on popular Apps collected from F-Droid, and malware samples obtained from a third party and the Android Malware Genome Project dataset. As a case study, we show how the analysis reports obtained from AndroSAT can be used for studying the frequency of use of different Android permissions and dynamic operations, detection of Android malware, and for generating cyber intelligence about domain names involved in mobile malware activities.

Pages: 124 to 131

Copyright: Copyright (c) IARIA, 2014

Publication date: November 16, 2014

Published in: conference

ISSN: 2162-2116

ISBN: 978-1-61208-376-6

Location: Lisbon, Portugal

Dates: from November 16, 2014 to November 20, 2014