Browsing by Author "Wong, Michelle Yan Yi"
Item: Targeted Dynamic Analysis for Android Malware (2015-03)
Wong, Michelle Yan Yi; Lie, David; Electrical and Computer Engineering

The identification and analysis of Android malware involves either static or dynamic program analysis of the malware binary. While static analysis has good code coverage, it is not as precise due to the lack of run-time information. In contrast, because Android malware is often bundled with applications that have legitimate functionality, dynamic analysis can take a long time to find and analyze the small amount of code implementing the malicious functionality. We propose IntelliDroid, a tool that combines the advantages of both static and dynamic analyses to efficiently analyze suspicious behavior in Android applications. A lightweight static phase identifies possible malicious behavior and gathers information to generate inputs that can dynamically exercise that behavior. IntelliDroid overcomes several key challenges of analyzing Android malware, and when evaluated on 30 instances of malicious behavior, IntelliDroid successfully identifies the behavior, extracts path constraints, and executes the malicious code in all but one case.

Item: Targeted Security Analysis of Android Applications with Hybrid Program Analysis (2021-03)
Wong, Michelle Yan Yi; Lie, David; Electrical and Computer Engineering

Mobile devices are prevalent in everyday society and the installation of third-party applications provides a variety of services, such as location tracking, messaging, and financial management. The trove of sensitive information and functionality on these devices and their large user base attract malware developers who want to exploit this functionality for monetary gain or to cause harm. To protect the security and privacy of mobile device users, we wish to analyze applications to extract the types of actions they perform and to determine whether they can be trusted.
Program analysis techniques have commonly been used to perform such analysis and are primarily static or dynamic in nature. Static analysis operates on the code of the application and provides good analysis coverage, but is imprecise due to the lack of run-time information. Dynamic analysis operates as the application is executing and is more precise due to the availability of the execution trace, but is often limited by low code coverage since only the parts of the application that are actually executed can be analyzed. In this thesis, we explore the use of hybrid program analysis techniques that use the strengths of both static and dynamic analysis to achieve more effective security analysis of applications on the Android mobile platform. We propose and develop the idea of targeted execution, in which analysis resources are focused on the specific code locations that are of interest to a security analyzer. We dynamically execute the application at these locations to enable precise security analysis of the behaviors. To target the locations, we preface the dynamic analysis with a static phase that performs a conservative search for potential behaviors of interest and extracts the code paths that lead to them. It then determines how these code paths can be executed such that the target behavior can be analyzed. We show how the use of both static and dynamic analysis can enable more effective execution and analysis of applications than the existing state-of-the-art techniques. We further show how hybrid program analysis can enable the deobfuscation of applications, a challenge that often plagues security analysis tools.