FA3: Fine-Grained Android Application Analysis

Understanding Android applications' behavior is essential to many security applications, e.g., malware analysis. Although many systems have been proposed to perform such dynamic analysis, they are limited by their applicable analysis environment (on device vs. emulator), transparency to subject...

Bibliographic Details
Main Authors: LIN, Yan, WONG, Weng Onn, GAO, Debin
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2023
Subjects:
Online Access: https://ink.library.smu.edu.sg/sis_research/7776
https://ink.library.smu.edu.sg/context/sis_research/article/8779/viewcontent/3572864.3580338_pvoa.pdf
Institution: Singapore Management University
id sg-smu-ink.sis_research-8779
record_format dspace
spelling sg-smu-ink.sis_research-8779
2023-04-04T03:25:09Z
FA3: Fine-Grained Android Application Analysis
LIN, Yan
WONG, Weng Onn
GAO, Debin
2023-02-01T08:00:00Z
text
application/pdf
https://ink.library.smu.edu.sg/sis_research/7776
info:doi/10.1145/3572864.3580338
https://ink.library.smu.edu.sg/context/sis_research/article/8779/viewcontent/3572864.3580338_pvoa.pdf
http://creativecommons.org/licenses/by-nc-nd/4.0/
Research Collection School Of Computing and Information Systems
eng
Institutional Knowledge at Singapore Management University
Android malware
Mobile security
Android applications
Fine-grained
Information Security
Software Engineering
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic Android malware
Mobile security
Android applications
Fine-grained
Information Security
Software Engineering
description Understanding Android applications' behavior is essential to many security applications, e.g., malware analysis. Although many systems have been proposed to perform such dynamic analysis, they are limited by their applicable analysis environment (on device vs. emulator), transparency to subject apps, applicable runtime (Dalvik vs. ART), applicable system stack, or granularity. In this paper, we propose FA3 (Fine-Grained Android Application Analysis), a novel on-device, non-invasive, and fine-grained analysis platform by leveraging existing profiling mechanisms in the Android Runtime (ART) and kernel to inspect method invocations and control-flow transfers for both Java methods and third-party native libraries. FA3 embeds its tracing capability in multiple layers of the Android system stack to not only capture fine-grained application behaviors but ensure even non-conventional or malicious tricks of loading and executing OAT/ELF binaries cannot escape our monitoring. We carefully evaluated FA3 using real-world malware. Experimental results showed that FA3 successfully analyzes sophisticated malware samples and provides a comprehensive view of their behavior.
format text
author LIN, Yan
WONG, Weng Onn
GAO, Debin
title FA3: Fine-Grained Android Application Analysis
publisher Institutional Knowledge at Singapore Management University
publishDate 2023
url https://ink.library.smu.edu.sg/sis_research/7776
https://ink.library.smu.edu.sg/context/sis_research/article/8779/viewcontent/3572864.3580338_pvoa.pdf
_version_ 1770576512346488832