TY - GEN
T1 - ANDRUBIS - 1,000,000 Apps Later: A View on Current Android Malware Behaviors
AU - Lindorfer, Martina
AU - Neugschwandtner, Matthias
AU - Weichselbaum, Lukas
AU - Fratantonio, Yanick
AU - van der Veen, Victor
AU - Platzer, Christian
PY - 2014
Y1 - 2014
N2 - © 2014 IEEE. Android is the most popular smartphone operating system with a market share of 80%, but as a consequence, also the platform most targeted by malware. To deal with the increasing number of malicious Android apps in the wild, malware analysts typically rely on analysis tools to extract characteristic information about an app in an automated fashion. While the importance of such tools has been addressed by the research community, the resulting prototypes remain limited in terms of analysis capabilities and availability. In this paper we present ANDRUBIS, a fully automated, publicly available and comprehensive analysis system for Android apps. ANDRUBIS combines static analysis with dynamic analysis on both Dalvik VM and system level, as well as several stimulation techniques to increase code coverage. With ANDRUBIS, we collected a dataset of over 1,000,000 Android apps, including 40% malicious apps. This dataset allows us to discuss trends in malware behavior observed from apps dating back as far as 2010, as well as to present insights gained from operating ANDRUBIS as a publicly available service for the past two years.
AB - © 2014 IEEE. Android is the most popular smartphone operating system with a market share of 80%, but as a consequence, also the platform most targeted by malware. To deal with the increasing number of malicious Android apps in the wild, malware analysts typically rely on analysis tools to extract characteristic information about an app in an automated fashion. While the importance of such tools has been addressed by the research community, the resulting prototypes remain limited in terms of analysis capabilities and availability. In this paper we present ANDRUBIS, a fully automated, publicly available and comprehensive analysis system for Android apps. ANDRUBIS combines static analysis with dynamic analysis on both Dalvik VM and system level, as well as several stimulation techniques to increase code coverage. With ANDRUBIS, we collected a dataset of over 1,000,000 Android apps, including 40% malicious apps. This dataset allows us to discuss trends in malware behavior observed from apps dating back as far as 2010, as well as to present insights gained from operating ANDRUBIS as a publicly available service for the past two years.
KW - Android
KW - Data Collection
KW - Dynamic Analysis
KW - Malware
KW - Measurements
KW - Static Analysis
UR - http://www.scopus.com/inward/record.url?scp=84968718794&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84968718794&partnerID=8YFLogxK
U2 - 10.1109/BADGERS.2014.7
DO - 10.1109/BADGERS.2014.7
M3 - Conference contribution
SP - 3
EP - 17
BT - Proceedings - 3rd International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, BADGERS 2014
ER -