IntelliDroid: A Targeted Input Generator for the Dynamic Analysis of Android Malware

Michelle Wong

Abstract:

Most malware analyses employ either static or dynamic program analysis techniques. Dynamic analyses generally provide better precision than purely static methods, but their main drawback is that they can only detect malicious behavior if it is executed during testing. To execute the malicious behavior, we must inject the specific inputs that trigger it. Current techniques, such as hard-coded tests, random fuzzing and concolic testing, can provide good code coverage but are inefficient because they are unaware of the specific capabilities of the dynamic analysis being performed.

In this talk, we will describe our work on IntelliDroid, a generic Android input generator that can be configured to produce inputs specific to a dynamic analysis tool, for the analysis of any Android application. IntelliDroid is capable of determining the precise order in which the inputs must be injected, and injects them at what we call the device-framework interface such that system fidelity is preserved. This enables it to be paired with full-system dynamic analysis tools such as TaintDroid. Our experiments demonstrate that IntelliDroid only needs to execute an average of 5% of the application to detect malicious behavior. We find that IntelliDroid can successfully identify the behavior, extract path constraints, and execute the malicious code in a number of instances of malicious behavior.

Bio:

Michelle Wong is a PhD student at the University of Toronto, supervised by Dr. David Lie. Her research interest is in the security of mobile computer systems and the analysis/detection of mobile malware.

Time and Place

Thursday, May 26, 4:15pm
Gates 415