Abstract

Both Android application developers and malware authors use sophisticated obfuscation tools to prevent their mobile applications from being repackaged and analyzed. These tools obfuscate sensitive strings and classes, API calls, and control flows in the Dalvik bytecode. Consequently, it is inevitable for the security analysts to spend significant amount of time for understanding the robustness of these obfuscation techniques and fully comprehending the intentions of each application. Since such analyses are often errorprone and require extensive analysis experience, it is critical to explore a novel approach to systematically analyze Android application bytecode. In this paper, we propose an approach to address such a critical challenge by placing hooks in the Dalvik virtual machine at the point where a Dalvik instruction is about to be executed. Also, we demonstrate the effectiveness of our approach through case studies on real-world applications with our prototype, called DexMonitor.

Original languageEnglish (US)
JournalIEEE Access
DOIs
StateAccepted/In press - Jan 1 2018

    Fingerprint

Keywords

  • Android Application Analysis
  • Bytecode Monitoring
  • Encryption
  • Java
  • Malware
  • Mobile Security
  • Monitoring
  • Static analysis
  • Virtual machining

ASJC Scopus subject areas

  • Computer Science(all)
  • Materials Science(all)
  • Engineering(all)

Cite this