3 research outputs found

    Mapping System Level Behaviors with Android APIs via System Call Dependence Graphs

    Due to Android's open source feature and low barriers to entry for developers, millions of developers and third-party organizations have been attracted into the Android ecosystem. However, over 90 percent of mobile malware are found targeted on Android. Though Android provides multiple security features and layers to protect user data and system resources, there are still some over-privileged applications in Google Play Store or third-party Android app stores in the wild. In this paper, we proposed an approach to map system level behavior and Android APIs, based on the observation that system level behaviors cannot be avoided but sensitive Android APIs could be evaded. To the best of our knowledge, our approach provides the first work to map system level behavior and Android APIs through System Call Dependence Graphs. The study also shows that our approach can effectively identify potential permission abusing, with almost negligible performance impact. Comment: 14 pages, 6 figures

    Detection and Visualization of Android Malware Behavior

    Behavioral Analysis of Android Applications Using Automated Instrumentation

    Abstract—Google’s Android operating system has become one of the most popular operating systems for hand-held devices. Due to its ubiquitous use, open source nature and wide-spread popularity, it has become the target of recent mobile malware. In this paper, we present our efforts on effective security inspection mechanisms for identification of malicious applications for Android mobile applications. To achieve that, we developed a comprehensive software inspection framework. Moreover, to identify potential software reliability flaws and to trigger malware, we develop a transparent instrumentation system for automating user interactions with an Android application that does not require source code. Additionally, for run-time behavior analysis of an application, we monitor the I/O system calls generated by the application under monitoring to the underlying Linux kernel. As a case study, we present two Android malware samples found in the wild to experimentally evaluate the applicability of our proposed system for uncovering potential malicious activities.