A Hidden File Extraction Scheme Defeating Malware Using Android Dynamic Loading
- Authors
- Yoon, H.; Shim, H.; Jung, S.
- Issue Date
- Nov-2020
- Publisher
- Springer Science and Business Media Deutschland GmbH
- Keywords
- Android malware; ClassLoader; Dynamic loading; Java reflection; Multidex
- Citation
- Communications in Computer and Information Science, v.1121, pp.85 - 98
- Journal Title
- Communications in Computer and Information Science
- Volume
- 1121
- Start Page
- 85
- End Page
- 98
- URI
- http://scholarworks.bwise.kr/ssu/handle/2018.sw.ssu/40484
- DOI
- 10.1007/978-981-15-9609-4_7
- ISSN
- 1865-0929
- Abstract
- Recently, malicious Android applications have become intelligent enough to bypass traditional static analysis. Among them, those using dynamic loading techniques hide malicious code in separate DEX files. These additional DEX files can be installed together at installation time in a different directory or downloaded from the command and control server. However, intelligent malware deletes the DEX files after execution to avoid analysis. Therefore, it is difficult to figure out some of the hidden behavior without extracting the files used for dynamic loading. In this paper, we propose extraction algorithms to save the loaded or deleted DEX file using Xposed. After that, we verify whether the extracted DEX file is malicious by using the proposed technique. This method makes it possible to analyze the additional actions performed by malware. As a result, it contributes to finding hidden features of an application. © 2020, Springer Nature Singapore Pte Ltd.
- Appears in Collections
- College of Information Technology > ETC > 1. Journal Articles