INRIA - Institut National de Recherche en Informatique et en Automatique
Conference paper Year: 2020

GroDDViewer: Dynamic Dual View of Android Malware

Abstract

Understanding an Android malware is a difficult task that requires strong skills in reverse engineering. Few tools exist apart from the well-known IDA and Ghidra, which are more focused on the analysis of binaries. In the Android world, understanding a malware requires analyzing the bytecode of the application, which may be obfuscated or hidden in a benign application that has been modified. At execution time, the malware can download new payloads, compromise the smartphone, and install new apps. We believe that a security analyst would appreciate being able to visualize and replay an execution of an Android malware. In particular, an analysis that bridges the gap between the bytecode and the events occurring during the execution would help to understand the malware's behavior. In this article, we propose GroDDViewer, the first tool offering a dual view of the execution of an Android malware. The first view represents the execution at operating system level through the representation of all information flows between files, processes and sockets. The second view represents what happened in the code of the application during its execution. The benefit of this visualization tool is illustrated on a ransomware sample. In the future, we plan to evaluate the tool with a panel of users on a benchmark of malware samples.

Keywords

Main file

camera-gramsec.pdf (1.19 MB)
Origin: Files produced by the author(s)

Dates and versions

hal-02913112 , version 1 (07-08-2020)

Identifiers

Cite

Jean-François Lalande, Mathieu Simon, Valérie Viet Triem Tong. GroDDViewer: Dynamic Dual View of Android Malware. GraMSec 2020 - 7th International Workshop on Graphical Models for Security, Jun 2020, Virtual Conference, France. pp.127-139, ⟨10.1007/978-3-030-62230-5_7⟩. ⟨hal-02913112⟩
150 Views
183 Downloads
