2020 | OriginalPaper | Chapter

STDNeut: Neutralizing Sensor, Telephony System and Device State Information on Emulated Android Environments

Authors : Saurabh Kumar, Debadatta Mishra, Biswabandan Panda, Sandeep K. Shukla

Published in: Cryptology and Network Security

Publisher: Springer International Publishing


Abstract

Sophisticated malware employs various emulation-detection techniques to bypass dynamic analysis systems that run on top of virtualized environments. Hence, a defense mechanism needs to be incorporated into emulation-based analysis platforms to mitigate the emulation-detection strategies adopted by malware. In this paper, we first design an emulation-detection library with configurable capabilities ranging from basic to advanced detection techniques such as distributed detection and GPS information. We use this library to arm several existing malware samples with different levels of emulation-detection capability and study the efficacy of the anti-emulation-detection measures of well-known emulator-driven dynamic analysis frameworks. Furthermore, we propose STDNeut (Sensor, Telephony system, and Device state information Neutralizer), a configurable anti-emulation-detection mechanism that defends against basic as well as advanced emulation-detection techniques regardless of which layer of the Android OS the attack is performed on. Finally, we perform various experiments to show the effectiveness of STDNeut. Experimental results show that STDNeut can execute malware without the platform being detected as emulated.
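As an added example (not the paper's code), the following sketches the defender's side of what the abstract describes: a sandbox operator's self-check that audits the device-state, telephony and sensor values an emulated Android instance exposes, and the neutralizing overlay that replaces them with a real-handset profile. The marker heuristics, field names and all sample values are assumptions constructed for illustration, not STDNeut's implementation.

```python
"""Audit the state an emulated Android instance exposes and overlay a real-device
profile on it.  Added example; markers and values are assumptions, not STDNeut's."""
import re

# Constructed sample: fields as a stock Android emulator typically reports them.
EMULATOR_STATE = {
    "ro.build.fingerprint": "generic/sdk_gphone_x86/generic_x86:10/QSR1.190920.001/5891938:user/release-keys",
    "ro.hardware": "ranchu",
    "imei": "000000000000000",
    "line1Number": "15555215554",
    "sensors": [],
    "gps_fix": None,
}

# Constructed profile resembling a physical handset; every value is a placeholder.
REAL_DEVICE_PROFILE = {
    "ro.build.fingerprint": "vendor/phone/phone:10/QP1A.190711.020/5800535:user/release-keys",
    "ro.hardware": "qcom",
    "imei": "356938035643809",
    "line1Number": "+14155550123",
    "sensors": ["accelerometer", "gyroscope", "magnetometer", "light", "proximity"],
    "gps_fix": {"lat": 37.4219, "lon": -122.0840, "accuracy_m": 12.0},
}

def emulator_indicators(state):
    """Return the reasons this device state would look emulated (assumed heuristics)."""
    hits = []
    if re.search(r"generic|sdk|emulator", state.get("ro.build.fingerprint", ""), re.I):
        hits.append("build fingerprint names a generic/SDK build")
    if state.get("ro.hardware") in {"goldfish", "ranchu"}:
        hits.append("hardware string is the emulator's virtual board")
    if re.fullmatch(r"0+", state.get("imei", "")):
        hits.append("IMEI is all zeros")
    if state.get("line1Number", "").startswith("1555521"):
        hits.append("line number is the emulator default")
    if not state.get("sensors"):
        hits.append("no sensors enumerated")
    if state.get("gps_fix") is None:
        hits.append("no GPS fix available")
    return hits

def neutralize(state, profile):
    """Overlay the real-device profile onto the emulator's reported state."""
    neutralized = dict(state)
    neutralized.update(profile)
    return neutralized
```

Running `emulator_indicators` before and after `neutralize` gives the operator a quick regression check that the analysis platform still hides its emulator markers after an image or emulator update.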


Metadata

Title: STDNeut: Neutralizing Sensor, Telephony System and Device State Information on Emulated Android Environments
Authors: Saurabh Kumar, Debadatta Mishra, Biswabandan Panda, Sandeep K. Shukla
Copyright Year: 2020
DOI: https://doi.org/10.1007/978-3-030-65411-5_5
