Abstract
Mobile computing has experienced enormous growth in market share and computational power in recent years. As a result, mobile malware is becoming more sophisticated and more prevalent, leading to research into dynamic sandboxes as a widespread approach for detecting malicious applications. However, the event-driven nature of Android applications renders critical the capability to automatically generate deterministic and intelligent user interactions to drive analysis subjects and improve code coverage. In this paper, we present CuriousDroid, an automated system for exercising Android application user interfaces in an intelligent, user-like manner. CuriousDroid operates by decomposing application user interfaces on-the-fly and creating a context-based model for interactions that is tailored to the current user layout. We integrated CuriousDroid with Andrubis, a well-known Android sandbox, and conducted a large-scale evaluation of 38,872 applications taken from different data sets. Our evaluation demonstrates significant improvements in both end-to-end sample classification as well as increases in the raw number of elicited behaviors at runtime.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Andrubis. http://anubis.iseclab.org/
Hierarchy Viewer. http://developer.android.com/tools/help/hierarchy-viewer.html
MonkeyRunner. http://developer.android.com/tools/help/monkeyrunner_concepts.html
UI/Application Exerciser Monkey. http://developer.android.com/tools/help/monkey.html
Azim, T., Neamtiu, I.: Targeted and depth-first exploration for systematic testing of Android apps. In: International Conference on Object Oriented Programming Systems Languages & Applications (OOPSLA) (2013)
Choi, W., Necula, G., Sen, K.: Guided GUI testing of Android apps with minimal restart and approximate learning. In: International Conference on Object Oriented Programming Systems Languages & Applications (OOPSLA) (2013)
Chung, F.: Android Developers Blog (2011). http://android-developers.blogspot.com/2011/07/custom-class-loading-in-dalvik.html. Accessed 5 May 2014
Egele, M., Brumley, D., Fratantonio, Y., Kruegel, C.: An empirical study of cryptographic misuse in Android applications. In: ACM Conference on Computer and Communications Security (CCS) (2013)
Enck, W., Ongtang, M., McDaniel, P.D., et al.: Understanding Android security. IEEE Secur. Priv. (Oakland) 7, 50–57 (2009)
Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: ACM Conference on Computer and Communications Security (CCS) (2011)
Felt, A.P., Finifter, M., Chin, E., Hanna, S., Wagner, D.: A survey of mobile malware in the wild. In: ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM) (2011)
Gomez, L., Neamtiu, I., Azim, T., Millstein, T.: RERAN: timing- and touch-sensitive record and replay for Android. In: International Conference on Software Engineering (ICSE) (2013)
Lindorfer, M., Neugschwandtner, M., Platzer, C.: MARVIN: efficient and comprehensive mobile app. Classification through static and dynamic analysis. In: Annual International Computers, Software & Applications Conference (COMPSAC) (2015)
Lindorfer, M., Neugschwandtner, M., Weichselbaum, L., Fratantonio, Y., van der Veen, V., Platzer, C.: ANDRUBIS - 1,000,000 apps later: a view on current Android malware behaviors. In: Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS) (2014)
Liu, B., Nath, S., Govindan, R., Liu, J.: DECAF: detecting and characterizing ad fraud in mobile apps. In: USENIX Conference on Networked Systems Design and Implementation (NSDI) (2014)
MacHiry, A., Tahiliani, R., Naik, M.: Dynodroid: an input generation system for Android apps. In: Foundations of Software Engineering (2013)
Maggi, F., Valdi, A., Zanero, S.: AndroTotal: a flexible, scalable toolbox and service for testing mobile malware detectors. In: ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM) (2013)
Mulliner, C.: Dynamic Dalvik Intrumentation (DDI). https://github.com/crmulliner/ddi
Neuner, S., Van der Veen, V., Lindorfer, M., Huber, M., Merzdovnik, G., Mulazzani, M., Weippl, E.R.: Enter sandbox: Android sandbox comparison. In: IEEE Mobile Security Technologies Workshop (MoST) (2014)
Rastogi, V., Chen, Y., Enck, W.: AppsPlayground: automatic security analysis of smartphone applications. In: Conference on Data and Application Security and Privacy (CODASPY) (2013)
Reina, A., Fattori, A., Cavallaro, L.: A system call-centric analysis and stimulation technique to automatically reconstruct Android malware. In: European Workshop on Systems Security (EuroSec) (2013)
Smith, A.: Americans and mobile computing: key trends and consumer research (2011). http://www.slideshare.net/PewInternet/americans-and-mobile-computing-key-trends-in-consumer-research. Accessed 7 May 2014
Spreitzenbarth, M., Freiling, F., Echtler, F., Schreck, T., Hoffmann, J.: Mobile-sandbox: having a deeper look into Android applications. In: Symposium on Applied Computing (SAC) (2013)
Strategy Analytics: Android captures record 85 percent share of global smartphone shipments in Q2 2014 (2014). http://www.prnewswire.com/news-releases/strategy-analytics-android-captures-record-85-percent-share-of-global-smartphone-shipments-in-q2-2014-269301171.html
Vidas, T., Christin, N.: Evading Android runtime analysis via sandbox detection. In: ACM Symposium on Information, Computer and Communications Security (ASIACCS) (2014)
Yan, L.K., Yin, H.: DroidScope: seamlessly reconstructing the OS and Dalvik semantic views for dynamic Android malware analysis. In: USENIX Security Symposium (2012)
Zheng, C., Zhu, S., Dai, S., Gu, G., Gong, X., Han, X., Zou, W.: SmartDroid: an automatic system for revealing UI-based trigger conditions in Android applications. In: ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM) (2012)
Zhou, Y., Jiang, X.: Dissecting Android malware: characterization and evolution. In: IEEE Symposium on Security and Privacy, Oakland (2012)
Acknowledgements
This material is based upon work supported by the National Science Foundation under Grant No. CNS-1409738. The research leading to these results has received funding from the FFG – Austrian Research Promotion under grant COMET K1 and has been carried out within the scope of u’smile, the Josef Ressel Center for User-Friendly Secure Mobile Environments.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 International Financial Cryptography Association
About this paper
Cite this paper
Carter, P., Mulliner, C., Lindorfer, M., Robertson, W., Kirda, E. (2017). CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes. In: Grossklags, J., Preneel, B. (eds) Financial Cryptography and Data Security. FC 2016. Lecture Notes in Computer Science(), vol 9603. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-54970-4_13
Download citation
DOI: https://doi.org/10.1007/978-3-662-54970-4_13
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-54969-8
Online ISBN: 978-3-662-54970-4
eBook Packages: Computer ScienceComputer Science (R0)