PuppetDroid: A User-Centric UI Exerciser for Automatic Dynamic Analysis of Similar Android Applications
Authors:Andrea Gianazza, Federico Maggi, Aristide Fattori, Lorenzo Cavallaro, Stefano Zanero
arXiv
Technical Report
Abstract
Popularity and complexity of malicious mobile applications are rising, making their analysis difficult and labor intensive. Mobile application analysis is indeed inherently different from desktop application analysis: In the latter, the interaction of the user (i.e., victim) is crucial for the malware to correctly expose all its malicious behaviors. We propose a novel approach to analyze (malicious) mobile applications. The goal is to exercise the user interface (UI) of an Android application to effectively trigger malicious behaviors, automatically. Our key intuition is to record and reproduce the UI interactions of a potential victim of the malware, so as to stimulate the relevant behaviors during dynamic analysis. To make our approach scale, we automatically re-execute the recorded UI interactions on apps that are similar to the original ones. These characteristics make our system orthogonal and complementary to current dynamic analysis and UI-exercising approaches. We developed our approach and experimentally shown that our stimulation allows to reach a higher code coverage than automatic UI exercisers, so to unveil interesting malicious behaviors that are not exposed when using other approaches. Our approach is also suitable for crowdsourcing scenarios, which would push further the collection of new stimulation traces. This can potentially change the way we conduct dynamic analysis of (mobile) applications, from fully automatic only, to user-centric and collaborative too.
@TechReport{ gianazza_puppetdroid_tr_2014,
abstract = {Popularity and complexity of malicious mobile applications
are rising, making their analysis difficult and labor
intensive. Mobile application analysis is indeed inherently
different from desktop application analysis: In the latter,
the interaction of the user (i.e., victim) is crucial for
the malware to correctly expose all its malicious
behaviors. We propose a novel approach to analyze
(malicious) mobile applications. The goal is to exercise
the user interface (UI) of an Android application to
effectively trigger malicious behaviors, automatically. Our
key intuition is to record and reproduce the UI
interactions of a potential victim of the malware, so as to
stimulate the relevant behaviors during dynamic analysis.
To make our approach scale, we automatically re-execute the
recorded UI interactions on apps that are similar to the
original ones. These characteristics make our system
orthogonal and complementary to current dynamic analysis
and UI-exercising approaches. We developed our approach and
experimentally shown that our stimulation allows to reach a
higher code coverage than automatic UI exercisers, so to
unveil interesting malicious behaviors that are not exposed
when using other approaches. Our approach is also suitable
for crowdsourcing scenarios, which would push further the
collection of new stimulation traces. This can potentially
change the way we conduct dynamic analysis of (mobile)
applications, from fully automatic only, to user-centric
and collaborative too.},
author = {Gianazza, Andrea and Maggi, Federico and Fattori, Aristide
and Cavallaro, Lorenzo and Zanero, Stefano},
date = {2014-02-19},
file = {files/papers/reports/gianazza_puppetdroid_tr_2014.pdf},
institution = {arXiv},
shorttitle = {PuppetDroid},
title = {PuppetDroid: A User-Centric UI Exerciser for Automatic
Dynamic Analysis of Similar Android Applications},
url = {http://arxiv.org/abs/1402.4826}}