loading
Documents

Research.Publish.Connect.

Paper

Paper Unlock

Authors: Catherine Boileau 1 ; Francois Gagnon 2 ; Jérémie Poisson 2 ; Simon Frenette 2 and Mohamed Mejri 1

Affiliations: 1 Université Laval, Canada ; 2 CybersecLab at Cegep de Sainte-Foy, Canada

ISBN: 978-989-758-196-0

Keyword(s): Dynamic Malware Analysis, Android, Sandboxing.

Related Ontology Subjects/Areas/Topics: Data Communication Networking ; Information and Systems Security ; Modeling & Simulation of Communication Networks and Systems ; Network Security ; Telecommunications ; Traffic Measurement, Analysis, Modeling and Visualization ; Ubiquitous Communication Networks ; Wireless Network Security

Abstract: One of the numerous ways of addressing the Android malware threat is to run malicious applications in a sandbox environment while monitoring metrics. However, dynamic malware analysis is usually concerned with a one-time execution of an application, and information about behaviour in different environments is lacking in the literature. We fill this gap with a fuzzy-like approach to the problem: by running the same malware multiple times in different environments, we gain insight on the malware behaviour and his peculiarities. To implement this approach, we leverage a client-server sandbox to run experiments, based on a common suit of actions. Scenarios are executed multiple times on a malware sample, each time with a different parameter, and results are compared to determine variation in observed behaviour. In our current experiment, variation was introduced by different levels of simulation, allowing us to compare metrics such as failure rate, data leakages, sending of SMS, and t he number of HTTP and DNS requests. We find the behaviour is different for data leakages, which require no simulation to leak information, while all results for other metrics were higher when simulation was used in experiments. We expect that a fuzzing approach with others parameters will further our understanding of malware behaviour, particularly for malware bound to such parameters. (More)

PDF ImageFull Text

Download
CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 34.204.169.76

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Boileau, C.; Gagnon, F.; Poisson, J.; Frenette, S. and Mejri, M. (2016). A Comparative Study of Android Malware Behavior in Different Contexts.In Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 1: DCNET, (ICETE 2016) ISBN 978-989-758-196-0, pages 47-54. DOI: 10.5220/0005997300470054

@conference{dcnet16,
author={Catherine Boileau. and Francois Gagnon. and Jérémie Poisson. and Simon Frenette. and Mohamed Mejri.},
title={A Comparative Study of Android Malware Behavior in Different Contexts},
booktitle={Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 1: DCNET, (ICETE 2016)},
year={2016},
pages={47-54},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005997300470054},
isbn={978-989-758-196-0},
}

TY - CONF

JO - Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 1: DCNET, (ICETE 2016)
TI - A Comparative Study of Android Malware Behavior in Different Contexts
SN - 978-989-758-196-0
AU - Boileau, C.
AU - Gagnon, F.
AU - Poisson, J.
AU - Frenette, S.
AU - Mejri, M.
PY - 2016
SP - 47
EP - 54
DO - 10.5220/0005997300470054

Login or register to post comments.

Comments on this Paper: Be the first to review this paper.