SlideShare a Scribd company logo

Reverse Engineering android Malware analysis

Download as PPSX, PDF
A
Anik Ralhan

The document discusses a research paper on detecting abnormal usage of sensitive data in mobile applications, focusing on Android APK malware analysis techniques that employ static and dynamic analysis methods like Mudflow and FlowDroid. The method is validated against a dataset of benign and malicious apps, highlighting the challenges of false positives and the need for performance optimization. Suggestions for extensions include improving analysis for varied app sizes and conducting a comparison with commercial tools.

Software
Related topics:
Malware Analysis Guide • Reverse Engineering
1 of 26
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
MINING APPS FOR ABNORMAL USAGE OF SENSITIVE DATA By Anik Ralhan(Paper 8 – Security) Course Name: SENG 607 L01 - Special Topics in Software Engineering Supervisor: Prof. Hadi Hemmati 1
Plan Authors Task Technique Motivation –an example Method Data set Related work Critique Extension 2
Authors PhD student, Since summer 2014 I'm working as a research assistant at Software Engineering chair Saarland University Vitalii Avdiienko Konstantin Kuznetsov PhD student in the Software Engineering Chair at Saarland University Alessandra Gorla Assistant researcher professor at the IMDEA Software Institute in Madrid, Spain. 3
Authors Contd. Andreas Zeller Full professor for Software Engineering at Saarland University in Germany 4
Authors Contd. Head of Department Secure Software Engineering at Fraunhofer SIT Steven Arzt Siegfried Rasthofer Researcher, Fraunhofer Institute for Secure Information Technology Head of program committee of ACM International Symposium on Engineering Secure Software and Systems (ESSoS) Prof. Dr. Eric Bodden 5
Task Detect whether a mobile application behaves as expected is a prominent problem for users. 6
Technique 7
Technique Contd. Triage: Depending on workload, analysis what, how and fix. Static: Like reading a map for directions on where to go. Dynamic: deeper analysis of the program to understand hidden functionality. 8
Technique: MUDFLOW Not just a pattern match. Trained with flow of data in benign apps. compares behavior of mined large set of benign apps. If abnormal, it declares as Malicious!!!!!!!!! 9
Motivation 10
Motivation Contd. 11
Motivation Contd. 12
Method 13
Method Contd. Flowdroid: The static taint analysis tool with 86% precise & 93% recall on DroidBench Analysis is based on Soot, Heros and SuSi. Necessary meta information are extracted from Android’s manifest file, dex files and layout xml files. Step 1 14
Method Contd. 15
Method Contd. 16
Method Contd. java -Xmx4g -cp soot-trunk.jar;soot-infoflow.jar;soot-infoflow- android.jar;slf4j-api-1.7.5.jar;slf4j-simple-1.7.5.jar;axml-2.0.jar soot.jimple.infoflow.android.TestApps.Test "InsecureBank.apk" C:UsersanikDownloadssdkplatforms Heap size dependencies Input file 17
Method Contd. Call graph 18
Method Contd. No. of source & sinks Sink from source connection Performance analysis 19
Method Contd. Automatic classification using ORCA method. Bay & Schwabacher introduced this technique in 2003 in their research paper. Step 2 & 3 20
Data The initial test was conducted in March 2014 on 2950 apps from 30 app category. 2866 apps they could test. Benign 25,577 apps selected from VirusShare and Genom malware projects . 15,338 apps were actually test. Malicious 21
Data Contd. Ignored Log & Intent. Network & SMS_MMS sinks. False positives were almost 18.7 % while recognizing false positives. Outlier score in individual categories are good indicators of malicious behavior. 22
Related Work Hp Fortify - different kinds of findings Data flows from sensitive sources to public sinks Requests for security-sensitive permissions. Calls to security-sensitive methods. LeakMiner – appears similar to Mudflow an app can be analyzed in 2.5 minutes on average. 23
Critique FlowDroid performance tuning technique is not used to fix 16 apps RAM size issue. 24
Extension Optimize analysis so that apps of varied sizes can be analyzed.1 Provide results in comparison commercial tools available in market like we discussed and conduct a survey with industry experts. 2 25
Summary Researchers of paper Task – Android apk malware analysis Technique – Reverse Engineering of .apk file Triage, Static and Dynamic Analysis Mudflow Motivation – Local Restaurant example Method – Static analysis tools Step1 FlowDroid Step2 ORCA method Step3 Aggregate step 2 scores Data set – Benign 2866 Malicious 15338 Related work – Commercial tool HP fortify, IBM AppScan LeakMiner Critique – FlowDroid performance tuning Extension – Optimization, Survey with experts 26

More Related Content

PPTX
Using Cognitive Dimensions Questionnaire to Evaluate the Usability of Securit...
Chamila Wijayarathna
 
PDF
Knowledge and Data Engineering IEEE 2015 Projects
Vijay Karan
 
PDF
Zero day malware detection
sujeeshkumarj
 
PPT
DETECTION OF MALICIOUS EXECUTABLES USING RULE BASED CLASSIFICATION ALGORITHMS
AAKANKSHA JAIN
 
PDF
178 - A replicated study on duplicate detection: Using Apache Lucene to searc...
ESEM 2014
 
PDF
Knowledge and Data Engineering IEEE 2015 Projects
Vijay Karan
 
PDF
Analysis of Malware Infected Systems & Classification with Gradient-boosted T...
Darshan Gorasiya
 
PDF
BugLoc: Bug Localization in Multi Threaded Application via Graph Mining Approach
ijcoa
 
Using Cognitive Dimensions Questionnaire to Evaluate the Usability of Securit...
Chamila Wijayarathna
 
Knowledge and Data Engineering IEEE 2015 Projects
Vijay Karan
 
Zero day malware detection
sujeeshkumarj
 
DETECTION OF MALICIOUS EXECUTABLES USING RULE BASED CLASSIFICATION ALGORITHMS
AAKANKSHA JAIN
 
178 - A replicated study on duplicate detection: Using Apache Lucene to searc...
ESEM 2014
 
Knowledge and Data Engineering IEEE 2015 Projects
Vijay Karan
 
Analysis of Malware Infected Systems & Classification with Gradient-boosted T...
Darshan Gorasiya
 
BugLoc: Bug Localization in Multi Threaded Application via Graph Mining Approach
ijcoa
 

What's hot (20)

PDF
Survey on Fraud Malware Detection in Google Play Store
IRJET Journal
 
PPTX
Lie detector
ankit jha
 
PDF
IRJET- Plagiarism Checker
IRJET Journal
 
PDF
MINING PATTERNS OF SEQUENTIAL MALICIOUS APIS TO DETECT MALWARE
IJNSA Journal
 
PDF
MINING PATTERNS OF SEQUENTIAL MALICIOUS APIS TO DETECT MALWARE
IJNSA Journal
 
PDF
Immumetrix
Compassites Software Solutions
 
PPTX
A Behavior-based Approach to Secure and Resilient Industrial Control Systems
FÜrderverein Technische Fakultät
 
PDF
IRJET- Android Malware Detection using Deep Learning
IRJET Journal
 
PDF
Penetration testing services
Alisha Henderson
 
PPTX
Predicting Defects Using Change Genealogies (ISSE 2013)
Kim Herzig
 
PPTX
Advantages of a Paperless Laboratory with an ELN
Accelrys, inc
 
PDF
Nonadaptive mastermind algorithms for string and vector databases, with case ...
Ecway Technologies
 
PDF
A Survey on Bug Tracking System for Effective Bug Clearance
IRJET Journal
 
PDF
abstract
Maxime Javaux
 
PDF
Syndromic surveillance - Health Analytics on Social Media
usegment
 
PDF
resume_cs
Aileen Cheng
 
PPTX
Evaluating the possibility of integrating augmented reality and internet of t...
Fatemeh Ghorbani
 
DOCX
Res_010717
Yusuf Anderson
 
PDF
TriggerScope: Towards Detecting Logic Bombs in Android Applications
Pietro De Nicolao
 
PDF
Some insights from a Systematic Mapping Study and a Systematic Review Study: ...
Phu H. Nguyen
 
Survey on Fraud Malware Detection in Google Play Store
IRJET Journal
 
Lie detector
ankit jha
 
IRJET- Plagiarism Checker
IRJET Journal
 
MINING PATTERNS OF SEQUENTIAL MALICIOUS APIS TO DETECT MALWARE
IJNSA Journal
 
MINING PATTERNS OF SEQUENTIAL MALICIOUS APIS TO DETECT MALWARE
IJNSA Journal
 
Immumetrix
Compassites Software Solutions
 
A Behavior-based Approach to Secure and Resilient Industrial Control Systems
FÜrderverein Technische Fakultät
 
IRJET- Android Malware Detection using Deep Learning
IRJET Journal
 
Penetration testing services
Alisha Henderson
 
Predicting Defects Using Change Genealogies (ISSE 2013)
Kim Herzig
 
Advantages of a Paperless Laboratory with an ELN
Accelrys, inc
 
Nonadaptive mastermind algorithms for string and vector databases, with case ...
Ecway Technologies
 
A Survey on Bug Tracking System for Effective Bug Clearance
IRJET Journal
 
abstract
Maxime Javaux
 
Syndromic surveillance - Health Analytics on Social Media
usegment
 
resume_cs
Aileen Cheng
 
Evaluating the possibility of integrating augmented reality and internet of t...
Fatemeh Ghorbani
 
Res_010717
Yusuf Anderson
 
TriggerScope: Towards Detecting Logic Bombs in Android Applications
Pietro De Nicolao
 
Some insights from a Systematic Mapping Study and a Systematic Review Study: ...
Phu H. Nguyen
 
Ad

Similar to Reverse Engineering android Malware analysis (20)

PDF
Android Malware Detection in Official and Third Party Application Stores
Eswar Publications
 
PDF
Final_Presentation_FlowDroid
Kruti Sharma
 
PDF
IRJET- A Review on Several Vulnerabilities Detection Techniques in Androi...
IRJET Journal
 
PDF
20120140504023
IAEME Publication
 
PDF
IRJET- Secured Analysis of Android Applications using Permission Accessing Sy...
IRJET Journal
 
PDF
IRJET - Research on Data Mining of Permission-Induced Risk for Android Devices
IRJET Journal
 
PDF
Permission Driven Malware Detection using Machine Learning
IRJET Journal
 
PDF
Android Malware Detection Literature Review
Ahmed Sabbah
 
PDF
Permission based Android Malware Detection using Random Forest
IRJET Journal
 
PDF
IRJET - System to Identify and Define Security Threats to the users About The...
IRJET Journal
 
PDF
IRJET- Effective Technique Used for Malware Detection using Machine Learning
IRJET Journal
 
PPTX
NYIT research on malware detection in android devices
nadeeni8888
 
PPTX
Droidcon mobile security
Judy Ngure
 
PDF
Irjet v7 i3811
aissmsblogs
 
PDF
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
oxeyassin
 
PDF
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...
IOSR Journals
 
PDF
thesisSlides
Joey Allen
 
PDF
thesisSlides
Joey Allen
 
PPTX
Dissecting State-of-the-Art Android Malware Using Static and Dynamic Analysis
CHOOSE
 
PDF
Taxonomy mobile malware threats and detection techniques
csandit
 
Android Malware Detection in Official and Third Party Application Stores
Eswar Publications
 
Final_Presentation_FlowDroid
Kruti Sharma
 
IRJET- A Review on Several Vulnerabilities Detection Techniques in Androi...
IRJET Journal
 
20120140504023
IAEME Publication
 
IRJET- Secured Analysis of Android Applications using Permission Accessing Sy...
IRJET Journal
 
IRJET - Research on Data Mining of Permission-Induced Risk for Android Devices
IRJET Journal
 
Permission Driven Malware Detection using Machine Learning
IRJET Journal
 
Android Malware Detection Literature Review
Ahmed Sabbah
 
Permission based Android Malware Detection using Random Forest
IRJET Journal
 
IRJET - System to Identify and Define Security Threats to the users About The...
IRJET Journal
 
IRJET- Effective Technique Used for Malware Detection using Machine Learning
IRJET Journal
 
NYIT research on malware detection in android devices
nadeeni8888
 
Droidcon mobile security
Judy Ngure
 
Irjet v7 i3811
aissmsblogs
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
oxeyassin
 
Android Malware: Study and analysis of malware for privacy leak in ad-hoc net...
IOSR Journals
 
thesisSlides
Joey Allen
 
thesisSlides
Joey Allen
 
Dissecting State-of-the-Art Android Malware Using Static and Dynamic Analysis
CHOOSE
 
Taxonomy mobile malware threats and detection techniques
csandit
 
Ad

Recently uploaded (20)

PPTX
Monitoring Stack: Grafana, Loki & Promtail
GhanshyamSwami3
 
PDF
Designing Intelligence for the Shop Floor.pdf
nikglvk
 
PPTX
Log360_SIEM_Solutions Overview PPT_Feb 2020.pptx
nonameist3434
 
PPTX
AMADEUS TRAVEL AGENT SOFTWARE | AMADEUS TICKETING SYSTEM
philipnathen82
 
PPTX
Weekly report ppt - harsh dattuprasad patel.pptx
bikerslovers123
 
PPTX
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
PDF
Website Design Services for Small Businesses.pdf
ecomme9
 
PDF
wealthsignaloriginal-com-DS-text-... (1).pdf
skmiani786
 
PDF
How to Make Money in the Metaverse_ Top Strategies for Beginners.pdf
Herond Labs
 
PPTX
history of c programming in notes for students .pptx
Vijayakumari829030
 
PPTX
WiFi Honeypot Detecscfddssdffsedfseztor.pptx
singlesrihari
 
PPTX
Embracing Complexity in Serverless! GOTO Serverless Bengaluru
SheenBrisals
 
PPTX
Oracle Fusion HCM Cloud Demo for Beginners
DharanOracleerp
 
PPTX
assetexplorer- product-overview - presentation
nonameist3434
 
PDF
Nekopoi APK 2025 free lastest update
umarali35kp
 
PDF
17 Powerful Integrations Your Next-Gen MLM Software Needs
ventaforcemlmsoftwar
 
PPTX
Advanced SystemCare Ultimate Crack + Portable (2025)
adanataj41
 
PDF
Salesforce Agentforce AI Implementation.pdf
Robert Mark
 
PDF
Autodesk AutoCAD Crack Free Download 2025
hggfcrd hgggref
 
PPTX
Patient Appointment Booking in Odoo with online payment
AxisTechnolabs
 
Monitoring Stack: Grafana, Loki & Promtail
GhanshyamSwami3
 
Designing Intelligence for the Shop Floor.pdf
nikglvk
 
Log360_SIEM_Solutions Overview PPT_Feb 2020.pptx
nonameist3434
 
AMADEUS TRAVEL AGENT SOFTWARE | AMADEUS TICKETING SYSTEM
philipnathen82
 
Weekly report ppt - harsh dattuprasad patel.pptx
bikerslovers123
 
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
Website Design Services for Small Businesses.pdf
ecomme9
 
wealthsignaloriginal-com-DS-text-... (1).pdf
skmiani786
 
How to Make Money in the Metaverse_ Top Strategies for Beginners.pdf
Herond Labs
 
history of c programming in notes for students .pptx
Vijayakumari829030
 
WiFi Honeypot Detecscfddssdffsedfseztor.pptx
singlesrihari
 
Embracing Complexity in Serverless! GOTO Serverless Bengaluru
SheenBrisals
 
Oracle Fusion HCM Cloud Demo for Beginners
DharanOracleerp
 
assetexplorer- product-overview - presentation
nonameist3434
 
Nekopoi APK 2025 free lastest update
umarali35kp
 
17 Powerful Integrations Your Next-Gen MLM Software Needs
ventaforcemlmsoftwar
 
Advanced SystemCare Ultimate Crack + Portable (2025)
adanataj41
 
Salesforce Agentforce AI Implementation.pdf
Robert Mark
 
Autodesk AutoCAD Crack Free Download 2025
hggfcrd hgggref
 
Patient Appointment Booking in Odoo with online payment
AxisTechnolabs
 

Reverse Engineering android Malware analysis

  • 1. MINING APPS FOR ABNORMAL USAGE OF SENSITIVE DATA By Anik Ralhan(Paper 8 – Security) Course Name: SENG 607 L01 - Special Topics in Software Engineering Supervisor: Prof. Hadi Hemmati 1
  • 3. Authors PhD student, Since summer 2014 I'm working as a research assistant at Software Engineering chair Saarland University Vitalii Avdiienko Konstantin Kuznetsov PhD student in the Software Engineering Chair at Saarland University Alessandra Gorla Assistant researcher professor at the IMDEA Software Institute in Madrid, Spain. 3
  • 4. Authors Contd. Andreas Zeller Full professor for Software Engineering at Saarland University in Germany 4
  • 5. Authors Contd. Head of Department Secure Software Engineering at Fraunhofer SIT Steven Arzt Siegfried Rasthofer Researcher, Fraunhofer Institute for Secure Information Technology Head of program committee of ACM International Symposium on Engineering Secure Software and Systems (ESSoS) Prof. Dr. Eric Bodden 5
  • 6. Task Detect whether a mobile application behaves as expected is a prominent problem for users. 6
  • 8. Technique Contd. Triage: Depending on workload, analysis what, how and fix. Static: Like reading a map for directions on where to go. Dynamic: deeper analysis of the program to understand hidden functionality. 8
  • 9. Technique: MUDFLOW Not just a pattern match. Trained with flow of data in benign apps. compares behavior of mined large set of benign apps. If abnormal, it declares as Malicious!!!!!!!!! 9
  • 14. Method Contd. Flowdroid: The static taint analysis tool with 86% precise & 93% recall on DroidBench Analysis is based on Soot, Heros and SuSi. Necessary meta information are extracted from Android’s manifest file, dex files and layout xml files. Step 1 14
  • 17. Method Contd. java -Xmx4g -cp soot-trunk.jar;soot-infoflow.jar;soot-infoflow- android.jar;slf4j-api-1.7.5.jar;slf4j-simple-1.7.5.jar;axml-2.0.jar soot.jimple.infoflow.android.TestApps.Test "InsecureBank.apk" C:UsersanikDownloadssdkplatforms Heap size dependencies Input file 17
  • 19. Method Contd. No. of source & sinks Sink from source connection Performance analysis 19
  • 20. Method Contd. Automatic classification using ORCA method. Bay & Schwabacher introduced this technique in 2003 in their research paper. Step 2 & 3 20
  • 21. Data The initial test was conducted in March 2014 on 2950 apps from 30 app category. 2866 apps they could test. Benign 25,577 apps selected from VirusShare and Genom malware projects . 15,338 apps were actually test. Malicious 21
  • 22. Data Contd. Ignored Log & Intent. Network & SMS_MMS sinks. False positives were almost 18.7 % while recognizing false positives. Outlier score in individual categories are good indicators of malicious behavior. 22
  • 23. Related Work Hp Fortify - different kinds of findings Data flows from sensitive sources to public sinks Requests for security-sensitive permissions. Calls to security-sensitive methods. LeakMiner – appears similar to Mudflow an app can be analyzed in 2.5 minutes on average. 23
  • 24. Critique FlowDroid performance tuning technique is not used to fix 16 apps RAM size issue. 24
  • 25. Extension Optimize analysis so that apps of varied sizes can be analyzed.1 Provide results in comparison commercial tools available in market like we discussed and conduct a survey with industry experts. 2 25
  • 26. Summary Researchers of paper Task – Android apk malware analysis Technique – Reverse Engineering of .apk file Triage, Static and Dynamic Analysis Mudflow Motivation – Local Restaurant example Method – Static analysis tools Step1 FlowDroid Step2 ORCA method Step3 Aggregate step 2 scores Data set – Benign 2866 Malicious 15338 Related work – Commercial tool HP fortify, IBM AppScan LeakMiner Critique – FlowDroid performance tuning Extension – Optimization, Survey with experts 26