ANDRUBIS - 1,000,000 Apps Later: A View on Current Android Malware Behaviors

Martina Lindorfer; Matthias Neugschwandtner; Lukas Weichselbaum; Yanick Fratantonio; Victor van der Veen; Christian Platzer

doi:10.1109/BADGERS.2014.7

ANDRUBIS - 1,000,000 Apps Later: A View on Current Android Malware Behaviors

Martina Lindorfer
, Matthias Neugschwandtner
, Lukas Weichselbaum
, Yanick Fratantonio
, Victor van der Veen
, Christian Platzer

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

Abstract

© 2014 IEEE.Android is the most popular smartphone operating system with a market share of 80%, but as a consequence, also the platform most targeted by malware. To deal with the increasing number of malicious Android apps in the wild, malware analysts typically rely on analysis tools to extract characteristic information about an app in an automated fashion. While the importance of such tools has been addressed by the research community, the resulting prototypes remain limited in terms of analysis capabilities and availability. In this paper we present ANDRUBIS, a fully automated, publicly available and comprehensive analysis system for Android apps. ANDRUBIS combines static analysis with dynamic analysis on both Dalvik VM and system level, as well as several stimulation techniques to increase code coverage. With ANDRUBIS, we collected a dataset of over 1,000,000 Android apps, including 40% malicious apps. This dataset allows us to discuss trends in malware behavior observed from apps dating back as far as 2010, as well as to present insights gained from operating ANDRUBIS as a publicly available service for the past two years.

Original language	English
Title of host publication	Proceedings - 3rd International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, BADGERS 2014
Pages	3-17
Number of pages	15
DOIs	https://doi.org/10.1109/BADGERS.2014.7
Publication status	Published - 2014

Keywords

Android
Data Collection
Dynamic Analysis
Malware
Measurements
Statis Analysis

Access to Document

10.1109/BADGERS.2014.7

Persistent URL (handle)

Persistent link

Cite this

Lindorfer, M., Neugschwandtner, M., Weichselbaum, L., Fratantonio, Y., van der Veen, V., & Platzer, C. (2014). ANDRUBIS - 1,000,000 Apps Later: A View on Current Android Malware Behaviors. In Proceedings - 3rd International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, BADGERS 2014 (pp. 3-17) https://doi.org/10.1109/BADGERS.2014.7

@inproceedings{390c476c92d842dd9c9541e2edcbce24,

title = "ANDRUBIS - 1,000,000 Apps Later: A View on Current Android Malware Behaviors",

abstract = "{\textcopyright} 2014 IEEE.Android is the most popular smartphone operating system with a market share of 80\%, but as a consequence, also the platform most targeted by malware. To deal with the increasing number of malicious Android apps in the wild, malware analysts typically rely on analysis tools to extract characteristic information about an app in an automated fashion. While the importance of such tools has been addressed by the research community, the resulting prototypes remain limited in terms of analysis capabilities and availability. In this paper we present ANDRUBIS, a fully automated, publicly available and comprehensive analysis system for Android apps. ANDRUBIS combines static analysis with dynamic analysis on both Dalvik VM and system level, as well as several stimulation techniques to increase code coverage. With ANDRUBIS, we collected a dataset of over 1,000,000 Android apps, including 40\% malicious apps. This dataset allows us to discuss trends in malware behavior observed from apps dating back as far as 2010, as well as to present insights gained from operating ANDRUBIS as a publicly available service for the past two years.",

keywords = "Android, Data Collection, Dynamic Analysis, Malware, Measurements, Statis Analysis",

author = "Martina Lindorfer and Matthias Neugschwandtner and Lukas Weichselbaum and Yanick Fratantonio and \{van der Veen\}, Victor and Christian Platzer",

year = "2014",

doi = "10.1109/BADGERS.2014.7",

language = "English",

pages = "3--17",

booktitle = "Proceedings - 3rd International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, BADGERS 2014",

}

ANDRUBIS - 1,000,000 Apps Later: A View on Current Android Malware Behaviors. / Lindorfer, Martina; Neugschwandtner, Matthias; Weichselbaum, Lukas et al.
Proceedings - 3rd International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, BADGERS 2014. 2014. p. 3-17.

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - ANDRUBIS - 1,000,000 Apps Later: A View on Current Android Malware Behaviors

AU - Lindorfer, Martina

AU - Neugschwandtner, Matthias

AU - Weichselbaum, Lukas

AU - Fratantonio, Yanick

AU - van der Veen, Victor

AU - Platzer, Christian

PY - 2014

Y1 - 2014

N2 - © 2014 IEEE.Android is the most popular smartphone operating system with a market share of 80%, but as a consequence, also the platform most targeted by malware. To deal with the increasing number of malicious Android apps in the wild, malware analysts typically rely on analysis tools to extract characteristic information about an app in an automated fashion. While the importance of such tools has been addressed by the research community, the resulting prototypes remain limited in terms of analysis capabilities and availability. In this paper we present ANDRUBIS, a fully automated, publicly available and comprehensive analysis system for Android apps. ANDRUBIS combines static analysis with dynamic analysis on both Dalvik VM and system level, as well as several stimulation techniques to increase code coverage. With ANDRUBIS, we collected a dataset of over 1,000,000 Android apps, including 40% malicious apps. This dataset allows us to discuss trends in malware behavior observed from apps dating back as far as 2010, as well as to present insights gained from operating ANDRUBIS as a publicly available service for the past two years.

AB - © 2014 IEEE.Android is the most popular smartphone operating system with a market share of 80%, but as a consequence, also the platform most targeted by malware. To deal with the increasing number of malicious Android apps in the wild, malware analysts typically rely on analysis tools to extract characteristic information about an app in an automated fashion. While the importance of such tools has been addressed by the research community, the resulting prototypes remain limited in terms of analysis capabilities and availability. In this paper we present ANDRUBIS, a fully automated, publicly available and comprehensive analysis system for Android apps. ANDRUBIS combines static analysis with dynamic analysis on both Dalvik VM and system level, as well as several stimulation techniques to increase code coverage. With ANDRUBIS, we collected a dataset of over 1,000,000 Android apps, including 40% malicious apps. This dataset allows us to discuss trends in malware behavior observed from apps dating back as far as 2010, as well as to present insights gained from operating ANDRUBIS as a publicly available service for the past two years.

KW - Android

KW - Data Collection

KW - Dynamic Analysis

KW - Malware

KW - Measurements

KW - Statis Analysis

UR - https://www.scopus.com/pages/publications/84968718794

UR - https://www.scopus.com/pages/publications/84968718794#tab=citedBy

U2 - 10.1109/BADGERS.2014.7

DO - 10.1109/BADGERS.2014.7

M3 - Conference contribution

SP - 3

EP - 17

BT - Proceedings - 3rd International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, BADGERS 2014

ER -

ANDRUBIS - 1,000,000 Apps Later: A View on Current Android Malware Behaviors

Abstract

Keywords

Access to Document

Persistent URL (handle)

Other files and links

Fingerprint

Cite this