Hybrid Dynamic Analysis for Android Malware Protected by Anti-Analysis Techniques with DOOLDA

Sunjun Lee, Yonggu Shin, Minseong Choi, Haehyun Cho, Jeong Hyun Yi
DOI: 10.53106/160792642024032502003 (https://doi.org/10.53106/160792642024032502003)
Journal: 網際網路技術學刊 (Journal of Internet Technology), volume 52 3
Publication date: 2024-03-01 (journal article)
Indexing platform: Semantic Scholar
Citation count: 0

Abstract

A lot of recently reported malware is equipped with anti-analysis techniques (e.g., anti-emulation, anti-debugging, etc.) to prevent it from being analyzed, which can delay detection and keep the malware alive for a longer period. Therefore, it is of great importance to develop automated approaches that defeat such anti-analysis techniques so that we can handle and effectively mitigate large numbers of malware samples. In this paper, by analyzing 1,535 malicious applications, we found that 18.31% of them are equipped with anti-analysis techniques. Next, we propose a novel dynamic analyzer, named DOOLDA, for automatically invalidating anti-analysis techniques through dynamic instrumentation. DOOLDA monitors the execution of Android applications' entire code layers (i.e., bytecode and native code). Based on the monitoring results, DOOLDA finds the code related to anti-analysis techniques and invalidates those techniques by instrumenting it. To demonstrate the effectiveness of DOOLDA, we show that it can invalidate all known anti-analysis techniques. We also compare DOOLDA with other dynamic analyzers.