DexMonitor: Dynamically Analyzing and Monitoring Obfuscated Android Applications
- Authors
- CHO, HAEHYUN; Yi, J.H.; Ahn, G.
- Issue Date
- Nov-2018
- Publisher
- Institute of Electrical and Electronics Engineers Inc.
- Keywords
- Android Application Analysis; Bytecode Monitoring; Encryption; Java; Malware; Mobile Security; Monitoring; Static analysis; Virtual machining
- Citation
- IEEE Access, v.6, pp.71229 - 71240
- Journal Title
- IEEE Access
- Volume
- 6
- Start Page
- 71229
- End Page
- 71240
- URI
- http://scholarworks.bwise.kr/ssu/handle/2018.sw.ssu/31049
- DOI
- 10.1109/ACCESS.2018.2881699
- ISSN
- 2169-3536
- Abstract
- Both Android application developers and malware authors use sophisticated obfuscation tools to prevent their mobile applications from being repackaged and analyzed. These tools obfuscate sensitive strings and classes, API calls, and control flows in the Dalvik bytecode. Consequently, it is inevitable for the security analysts to spend significant amount of time for understanding the robustness of these obfuscation techniques and fully comprehending the intentions of each application. Since such analyses are often errorprone and require extensive analysis experience, it is critical to explore a novel approach to systematically analyze Android application bytecode. In this paper, we propose an approach to address such a critical challenge by placing hooks in the Dalvik virtual machine at the point where a Dalvik instruction is about to be executed. Also, we demonstrate the effectiveness of our approach through case studies on real-world applications with our prototype, called DexMonitor
- Files in This Item
- There are no files associated with this item.
- Appears in
Collections - College of Information Technology > School of Software > 1. Journal Articles
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.