ANANAS - A Framework for Analyzing Android Applications

Eder, Thomas; Rodler, Michael; Vymazal, Dieter; Zeilinger, Markus

doi:10.1109/ares.2013.93

Cited by 25 publications

(11 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Extracting app behavioral footprint using Dynalog [10] tool, which has been incorporated into many dynamic analyses systems (such as AASandbox [11], ANANAS [12], Mobile Sandbox [13], and vetDroid [14]). Monkey is a random-based events generation tool that is part of the Android Developers' toolkit [15].…”

Section: Figmentioning

confidence: 99%

“…Several dynamic analysis tools for characterizing Android apps have been published in the literature. The majority of these rely on random-based test input generation using Monkey, for example, AASandbox [11], ANANAS [12], Mobile-Sandbox [13], vetDroid [14], TraceDroid [48], Andrubis [49], Dynalog [8], HADM [50], Maline [51], Glassbox [52], NetworkProfiler [53], Andlatis [54], Hu & Neamtiu [55], and Cai & Ryder [56]. Others such as AppsPlayground [38] used a more intelligent event generation technique, but unlike our paper, did not investigate code coverage capabilities in the context of on performance analysis of machine learning-based malware detection.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Machine learning-based dynamic analysis of Android apps with improved code coverage

Yerima

Alzaylaee

Sezer

2019

EURASIP J. on Info. Security

View full text Add to dashboard Cite

This paper investigates the impact of code coverage on machine learning-based dynamic analysis of Android malware. In order to maximize the code coverage, dynamic analysis on Android typically requires the generation of events to trigger the user interface and maximize the discovery of the run-time behavioral features. The commonly used event generation approach in most existing Android dynamic analysis systems is the random-based approach implemented with the Monkey tool that comes with the Android SDK. Monkey is utilized in popular dynamic analysis platforms like AASandbox, vetDroid, MobileSandbox, TraceDroid, Andrubis, ANANAS, DynaLog, and HADM. In this paper, we propose and investigate approaches based on stateful event generation and compare their code coverage capabilities with the state-of-the-practice random-based Monkey approach. The two proposed approaches are the state-based method (implemented with DroidBot) and a hybrid approach that combines the state-based and random-based methods. We compare the three different input generation methods on real devices, in terms of their ability to log dynamic behavior features and the impact on various machine learning algorithms that utilize the behavioral features for malware detection. Experiments performed using 17,444 applications show that overall, the proposed methods provide much better code coverage which in turn leads to more accurate machine learning-based malware detection compared to the state-of-the-art approach.

show abstract

Section: Figmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Machine learning-based dynamic analysis of Android apps with improved code coverage

Yerima

Alzaylaee

Sezer

2019

EURASIP J. on Info. Security

View full text Add to dashboard Cite

show abstract

“…In addition, the approach used a runtime analysis, effectively bypassing the need to deal with code/data obfuscation [7]. The recent researches on the detection of malware on mobile platform include [7,8,28,[30][31][32][33][34][35][36].…”

Section: Related Workmentioning

confidence: 99%

Improved Malware Detection Model with Apriori Association Rule and Particle Swarm Optimization

Adebayo

Aziz

2019

Security and Communication Networks

View full text Add to dashboard Cite

The incessant destruction and harmful tendency of malware on mobile devices has made malware detection an indispensable continuous field of research. Different matching/mismatching approaches have been adopted in the detection of malware which includes anomaly detection technique, misuse detection, or hybrid detection technique. In order to improve the detection rate of malicious application on the Android platform, a novel knowledge-based database discovery model that improves apriori association rule mining of a priori algorithm with Particle Swarm Optimization (PSO) is proposed. Particle swarm optimization (PSO) is used to optimize the random generation of candidate detectors and parameters associated with apriori algorithm (AA) for features selection. In this method, the candidate detectors generated by particle swarm optimization form rules using apriori association rule. These rule models are used together with extraction algorithm to classify and detect malicious android application. Using a number of rule detectors, the true positive rate of detecting malicious code is maximized, while the false positive rate of wrongful detection is minimized. The results of the experiments show that the proposed a priori association rule with Particle Swarm Optimization model has remarkable improvement over the existing contemporary detection models.

show abstract

“…It uses Androguard to extract static meta-data relating to the app and also utilizes Taintdroid for data leakage detection. Because DroidBox was the first open source dynamic analysis sandbox, it has been used as a building block for several dynamic analysis frameworks such as Sandroid [14], MobileSandbox [15] and Andrubis [16]. Table 1 shows the high level behaviours (features) that are available with DroidBox.…”

Section: A Emulator-based Analysis Sandboxmentioning

confidence: 99%

“…DroidBox is the first open-source dynamic analysis platform for Android. Therefore, it has been employed as a base system by various dynamic analysis platforms, such as Andrubis [16], Mobile-Sandbox [15], and SandDroid [14]. Furthermore, DroidBox only considers a limited set of behaviour, and it is restricted to one kernel version.…”

Section: B) Open-source Frameworkmentioning

confidence: 99%

Dynalog: an automated dynamic analysis framework for characterizing android applications

Alzaylaee¹,

Yerima²,

Sezer³

2016

2016 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)

View full text Add to dashboard Cite

ANANAS - A Framework for Analyzing Android Applications

Cited by 25 publications

References 3 publications

Machine learning-based dynamic analysis of Android apps with improved code coverage

Machine learning-based dynamic analysis of Android apps with improved code coverage

Improved Malware Detection Model with Apriori Association Rule and Particle Swarm Optimization

Dynalog: an automated dynamic analysis framework for characterizing android applications

Contact Info

Product

Resources

About