Dynalog: an automated dynamic analysis framework for characterizing android applications

Mohammed K. Alzaylaee; Suleiman Y. Yerima; Sakir Sezer

doi:10.1109/CyberSecPODS.2016.7502337

Dynalog: an automated dynamic analysis framework for characterizing android applications

Mohammed K. Alzaylaee, Suleiman Y. Yerima, Sakir Sezer

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

48 Citations (Scopus)

930 Downloads (Pure)

Abstract

Android is becoming ubiquitous and currently has the largest share of the mobile OS market with billions of application downloads from the official app market. It has also become the platform most targeted by mobile malware that are becoming more sophisticated to evade state-of-the-art detection approaches. Many Android malware families employ obfuscation techniques in order to avoid detection and this may defeat static analysis based approaches. Dynamic analysis on the other hand may be used to overcome this limitation. Hence in this paper we propose DynaLog, a dynamic analysis based framework for characterizing Android applications. The framework provides the capability to analyse the behaviour of applications based on an extensive number of dynamic features. It provides an automated platform for mass analysis and characterization of apps that is useful for quickly identifying and isolating malicious applications. The DynaLog framework leverages existing open source tools to extract and log high level behaviours, API calls, and critical events that can be used to explore the characteristics of an application, thus providing an extensible dynamic analysis platform for detecting Android malware. DynaLog is evaluated using real malware samples and clean applications demonstrating its capabilities for effective analysis and detection of malicious applications.

Original language	English
Title of host publication	Proceedings of the 2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security)
Publisher	Institute of Electrical and Electronics Engineers Inc.
Number of pages	8
ISBN (Electronic)	978-1-5090-0709-7
DOIs	https://doi.org/10.1109/CyberSecPODS.2016.7502337
Publication status	Published - 11 Jul 2016
Event	2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security) - London, United Kingdom Duration: 13 Jun 2016 → 14 Jun 2016 http://www.c-mric.com/cs-2016

Conference

Conference	2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security)
Country/Territory	United Kingdom
City	London
Period	13/06/2016 → 14/06/2016
Internet address	http://www.c-mric.com/cs-2016

Keywords

malware detection
dynamic analysis
Android
application security
malware analysis

Access to Document

10.1109/CyberSecPODS.2016.7502337Licence: Unspecified

DynaLog: An automated dynamic analysis framework for characterizing Android applications
© 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Accepted author manuscript, 518 KBLicence: Unspecified

Enhanced machine learning based dynamic detection of evasive android malware
Alzaylaee, M. (Author), Sezer, S. (Supervisor) & Yerima, S. (Supervisor), Dec 2019
Student thesis: Doctoral Thesis › Doctor of Philosophy

File

Cite this

Alzaylaee, M. K., Yerima, S. Y., & Sezer, S. (2016). Dynalog: an automated dynamic analysis framework for characterizing android applications. In Proceedings of the 2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security) Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/CyberSecPODS.2016.7502337

@inproceedings{8f27fa6ad5f24720b8b86367013a8cca,

title = "Dynalog: an automated dynamic analysis framework for characterizing android applications",

abstract = "Android is becoming ubiquitous and currently has the largest share of the mobile OS market with billions of application downloads from the official app market. It has also become the platform most targeted by mobile malware that are becoming more sophisticated to evade state-of-the-art detection approaches. Many Android malware families employ obfuscation techniques in order to avoid detection and this may defeat static analysis based approaches. Dynamic analysis on the other hand may be used to overcome this limitation. Hence in this paper we propose DynaLog, a dynamic analysis based framework for characterizing Android applications. The framework provides the capability to analyse the behaviour of applications based on an extensive number of dynamic features. It provides an automated platform for mass analysis and characterization of apps that is useful for quickly identifying and isolating malicious applications. The DynaLog framework leverages existing open source tools to extract and log high level behaviours, API calls, and critical events that can be used to explore the characteristics of an application, thus providing an extensible dynamic analysis platform for detecting Android malware. DynaLog is evaluated using real malware samples and clean applications demonstrating its capabilities for effective analysis and detection of malicious applications.",

keywords = "malware detection, dynamic analysis, Android, application security, malware analysis",

author = "Alzaylaee, {Mohammed K.} and Yerima, {Suleiman Y.} and Sakir Sezer",

year = "2016",

month = jul,

day = "11",

doi = "10.1109/CyberSecPODS.2016.7502337",

language = "English",

booktitle = "Proceedings of the 2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security)",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

address = "United States",

note = "2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security) ; Conference date: 13-06-2016 Through 14-06-2016",

url = "http://www.c-mric.com/cs-2016",

}

Alzaylaee, MK, Yerima, SY & Sezer, S 2016, Dynalog: an automated dynamic analysis framework for characterizing android applications. in Proceedings of the 2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security). Institute of Electrical and Electronics Engineers Inc., 2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security), London, United Kingdom, 13/06/2016. https://doi.org/10.1109/CyberSecPODS.2016.7502337

Dynalog: an automated dynamic analysis framework for characterizing android applications. / Alzaylaee, Mohammed K.; Yerima, Suleiman Y.; Sezer, Sakir.
Proceedings of the 2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security). Institute of Electrical and Electronics Engineers Inc., 2016.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Dynalog: an automated dynamic analysis framework for characterizing android applications

AU - Alzaylaee, Mohammed K.

AU - Yerima, Suleiman Y.

AU - Sezer, Sakir

PY - 2016/7/11

Y1 - 2016/7/11

N2 - Android is becoming ubiquitous and currently has the largest share of the mobile OS market with billions of application downloads from the official app market. It has also become the platform most targeted by mobile malware that are becoming more sophisticated to evade state-of-the-art detection approaches. Many Android malware families employ obfuscation techniques in order to avoid detection and this may defeat static analysis based approaches. Dynamic analysis on the other hand may be used to overcome this limitation. Hence in this paper we propose DynaLog, a dynamic analysis based framework for characterizing Android applications. The framework provides the capability to analyse the behaviour of applications based on an extensive number of dynamic features. It provides an automated platform for mass analysis and characterization of apps that is useful for quickly identifying and isolating malicious applications. The DynaLog framework leverages existing open source tools to extract and log high level behaviours, API calls, and critical events that can be used to explore the characteristics of an application, thus providing an extensible dynamic analysis platform for detecting Android malware. DynaLog is evaluated using real malware samples and clean applications demonstrating its capabilities for effective analysis and detection of malicious applications.

AB - Android is becoming ubiquitous and currently has the largest share of the mobile OS market with billions of application downloads from the official app market. It has also become the platform most targeted by mobile malware that are becoming more sophisticated to evade state-of-the-art detection approaches. Many Android malware families employ obfuscation techniques in order to avoid detection and this may defeat static analysis based approaches. Dynamic analysis on the other hand may be used to overcome this limitation. Hence in this paper we propose DynaLog, a dynamic analysis based framework for characterizing Android applications. The framework provides the capability to analyse the behaviour of applications based on an extensive number of dynamic features. It provides an automated platform for mass analysis and characterization of apps that is useful for quickly identifying and isolating malicious applications. The DynaLog framework leverages existing open source tools to extract and log high level behaviours, API calls, and critical events that can be used to explore the characteristics of an application, thus providing an extensible dynamic analysis platform for detecting Android malware. DynaLog is evaluated using real malware samples and clean applications demonstrating its capabilities for effective analysis and detection of malicious applications.

KW - malware detection

KW - dynamic analysis

KW - Android

KW - application security

KW - malware analysis

U2 - 10.1109/CyberSecPODS.2016.7502337

DO - 10.1109/CyberSecPODS.2016.7502337

M3 - Conference contribution

BT - Proceedings of the 2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security)

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security)

Y2 - 13 June 2016 through 14 June 2016

ER -

Dynalog: an automated dynamic analysis framework for characterizing android applications

Abstract

Conference

Keywords

Access to Document

Fingerprint

Student theses

Enhanced machine learning based dynamic detection of evasive android malware

Cite this