
droidcon SF 2018 - Android malware forensics

Alina Matyukhina
Android malware forensics
With the rising popularity of Android mobile devices, the amount of malicious software targeting the Android platform has been increasing tremendously. To mitigate the risk posed by malicious apps, an automated system for detecting them is needed. Current detection techniques rely on signatures of well-documented malware, and hence may fail to detect new samples. Most of these approaches are based either on complex features extracted from the files present in Android executables (e.g., DroidSafe) or on dynamic features derived from an app's behaviour at runtime. Extracting such complex features is tedious and requires considerable time and system resources. With the rapid increase in the amount and complexity of malware, methods that do not rely on the analysis of complex features and are time-efficient are valuable.

In this session we present an alternative. Instead of focusing on individual malware samples, we turn our attention to malware developers. The benefit of this strategy is clear: by generating a signature for a malware developer rather than for an individual malware sample, we can characterise all malware samples produced by that developer. The premise for our work comes from the field of authorship attribution, traditionally applied in the literary domain, which assumes that each author has a unique writing style that can accurately identify his or her works among others. Our hypothesis is that a developer, like an author, has a unique programming style that is reflected in the various components of the programs he or she writes. By analysing such program components, we can generate an author signature that uniquely identifies applications developed by that author.
One of the simplest components that can represent an author's style is the set of strings a developer uses throughout the binary code. String components such as variable names, class names, method names, and string literals reflect the writing preferences of the developer. We present an approach to identifying the author of a given Android application using an author signature (profile) built from the string components that reflect the author's style. Using these author signatures, we can effectively detect a wide range of existing, as well as new, malware samples produced by particular authors.
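As an added example (not the speaker's code, dataset or feature set), the following Python walks the string table of a DEX file the way a string-component extractor would, buckets each string into the component classes the abstract lists (class names, method/field/variable identifiers, string literals), builds a per-author profile, and attributes an unknown sample by cosine similarity against the known profiles. The header offsets and string_data encoding follow the Android DEX format; the fixture DEX images, the two authors and their samples, the naming-convention cues and the feature categories are constructed for this example.

```python
"""Author-profile attribution over the string components of a DEX file.

Added illustration of the approach described in the talk abstract; not the
speaker's code. DEX layout used: string_ids_size at header offset 0x38,
string_ids_off at 0x3C, each string_id a uint32 offset to a ULEB128 length
followed by NUL-terminated MUTF-8 data. Fixtures and authors are constructed.
"""
import math
import re
import struct
from collections import Counter

DEX_HEADER_SIZE, STRING_IDS_SIZE_OFF, STRING_IDS_OFF_OFF = 0x70, 0x38, 0x3C
IDENT = re.compile(r"^[A-Za-z_$][A-Za-z0-9_$]*$")


def _uleb128(value):
    out = bytearray()
    while True:
        byte, value = value & 0x7F, value >> 7
        out.append(byte | 0x80 if value else byte)
        if not value:
            return bytes(out)


def _read_uleb128(buf, pos):
    result = shift = 0
    while True:
        byte, pos = buf[pos], pos + 1
        result |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return result, pos
        shift += 7


def build_fake_dex(strings):
    """Constructed fixture: a minimal DEX image that carries only a string table."""
    header = bytearray(DEX_HEADER_SIZE)
    header[0:8] = b"dex\n035\x00"
    ids, data = bytearray(), bytearray()
    data_off = DEX_HEADER_SIZE + 4 * len(strings)
    for s in strings:
        ids += struct.pack("<I", data_off + len(data))
        # ASCII encodes identically in UTF-8 and MUTF-8; fixture strings stay ASCII.
        data += _uleb128(len(s)) + s.encode("utf-8") + b"\x00"
    struct.pack_into("<I", header, 0x20, DEX_HEADER_SIZE + len(ids) + len(data))  # file_size
    struct.pack_into("<I", header, 0x24, DEX_HEADER_SIZE)  # header_size
    struct.pack_into("<I", header, STRING_IDS_SIZE_OFF, len(strings))
    struct.pack_into("<I", header, STRING_IDS_OFF_OFF, DEX_HEADER_SIZE)
    return bytes(header + ids + data)


def extract_dex_strings(dex):
    """Walk string_ids and return every entry of the DEX string table."""
    if dex[:4] != b"dex\n":
        raise ValueError("not a DEX image")
    count, = struct.unpack_from("<I", dex, STRING_IDS_SIZE_OFF)
    ids_off, = struct.unpack_from("<I", dex, STRING_IDS_OFF_OFF)
    out = []
    for i in range(count):
        data_off, = struct.unpack_from("<I", dex, ids_off + 4 * i)
        _utf16_units, pos = _read_uleb128(dex, data_off)  # length is in UTF-16 units, not bytes
        end = dex.index(b"\x00", pos)
        # MUTF-8 deviates from UTF-8 only for U+0000 and supplementary characters,
        # so a lenient UTF-8 decode is adequate for style features.
        out.append(dex[pos:end].decode("utf-8", errors="replace"))
    return out


def categorize(s):
    """Bucket a string into the component classes the abstract names."""
    if s.startswith("L") and s.endswith(";") and "/" in s:
        return "class"
    if s.startswith("(") or re.fullmatch(r"[VZBSCIJFDL]+", s):
        return "descriptor"  # prototypes and shorties: compiler output, not author style
    return "ident" if IDENT.match(s) else "literal"


def profile(strings):
    """Feature vector for one author: string components plus naming-convention cues."""
    feats = Counter()
    for s in strings:
        kind = categorize(s)
        if kind == "descriptor":
            continue
        feats[f"{kind}:{s}"] += 1
        if kind == "class":
            feats["pkg:" + "/".join(s[1:-1].split("/")[:2])] += 1  # package prefix reused across apps
        elif kind == "ident" and "_" in s.strip("_"):
            feats["style:snake_case"] += 1
        elif kind == "ident" and s[:1].islower() and any(c.isupper() for c in s):
            feats["style:camelCase"] += 1
    return feats


def cosine(a, b):
    dot = sum(a[k] * b[k] for k in a.keys() & b.keys())
    norm = math.sqrt(sum(v * v for v in a.values()) * sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0


def attribute(unknown, profiles):
    """Return (author, similarity) of the known profile closest to the unknown sample."""
    best = max(profiles, key=lambda name: cosine(unknown, profiles[name]))
    return best, round(cosine(unknown, profiles[best]), 3)


# Constructed corpus: two hypothetical authors, each known from two sample DEX files.
KNOWN = {
    "author_A": [["Lcom/alpha/net/Beacon;", "send_report", "device_id", "ZL",
                  "(Ljava/lang/String;)V", "http://c2.example/upload"],
                 ["Lcom/alpha/svc/Collector;", "read_contacts", "device_id", "V", "sms_body"]],
    "author_B": [["Lorg/bravo/ui/MainActivity;", "onCreate", "loadConfig", "VL", "cfg.json"],
                 ["Lorg/bravo/util/Net;", "postData", "apiKey", "(Ljava/lang/String;)V"]],
}
UNKNOWN = ["Lcom/alpha/net/Uploader;", "send_report", "device_id", "upload_path", "ZL",
           "http://c2.example/upload"]


def known_profiles():
    return {name: sum((profile(extract_dex_strings(build_fake_dex(s))) for s in samples), Counter())
            for name, samples in KNOWN.items()}


if __name__ == "__main__":
    author, score = attribute(profile(extract_dex_strings(build_fake_dex(UNKNOWN))), known_profiles())
    print(f"unknown sample attributed to {author} (cosine {score})")
```

Two caveats a practitioner will hit with this kind of profile. Exact-string features only transfer when an author reuses package names, identifiers or infrastructure strings across samples, so the naming-convention cues carry much of the signal for new apps. Name obfuscation (ProGuard/R8 renaming classes and methods to short synthetic names) removes most identifier-level style, leaving string literals and the obfuscation pattern itself as the remaining evidence; in a real pipeline, strings that belong to bundled libraries and the Android framework should also be filtered out before profiling, since they describe the library's author rather than the app's.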

Content and programming organized by Ty Smith, GDE/GDG & Mobile Tech Lead Manager at Uber & Joaquim Verges, GDG & Android Tech Lead at Twitch.

Big thanks to our video sponsor Asana - https://asana.com/.

See you at droidcon SF 2019! November 18-19 @ Mission Bay Conference Center. Get your tickets here - https://droidconsf2019.eventbrite.com/?aff=youtube

Video "droidcon SF 2018 - Android malware forensics" from the droidcon SF channel
Video information
2 December 2018, 3:03:27
00:41:15