4MMSR-Network Security-2012-2013-Android Malware Detection Using Run-Time Properties Monitoring
Android Malware Detection and Prevention Using Run-Time Monitoring and Enforcement of Properties
android,dynamic analysis, malware, run-time monitoring
- considered applications categories:
- plane tickets comparator application
- for each considered categories,
- a set of known to be "good" applications (ie without malicious code inside)
- a set of known "malicious/bad" appliactions (ie with malicious code inside)
---> for the second one, we will mainly use malware.lu
- properties to be monitored and enforced for the considered categories
- plugin for droidbox that monitors those properties at runtime and stop the execution if one of them is violated
- knowing a set of "good" applications for a given category (e.g., games), can we identify characteristics that hold for "most of those applications"?
- temporal behavioral patterns
- difference between permissions exposed in manifest.xml and actually used permissions
- other ideas?
- can we detect "malicious/bad" applications with the properties we wrote?
- what is our precision? (false negative, false positive)
- performance overhead?
- DroidBox (compile)
- RV Droid: Runtime Verification and Enforcement for Android Applications. Y. Falcone, S. Currea, M. Jaber. (2012)
- Hacking Android For Fun and Profit, Damien Cauquil 2011 (slides 32,33)
- Android Manifest Permissions
- malware.lu for malware sources
Programmation par Aspects
- create an archive on the ensimag server, so that only your team members and I have access to it.
- obviously, do not forget to send me the path afterwards