Publication Type
Conference Proceeding Article
Version
publishedVersion
Publication Date
2-2023
Abstract
Understanding Android applications' behavior is essential to many security applications, e.g., malware analysis. Although many systems have been proposed to perform such dynamic analysis, they are limited by their applicable analysis environment (on device vs. emulator), transparency to subject apps, applicable runtime (Dalvik vs. ART), applicable system stack, or granularity. In this paper, we propose FA3 (Fine-Grained Android Application Analysis), a novel on-device, non-invasive, and fine-grained analysis platform that leverages existing profiling mechanisms in the Android Runtime (ART) and kernel to inspect method invocations and control-flow transfers for both Java methods and third-party native libraries. FA3 embeds its tracing capability in multiple layers of the Android system stack to not only capture fine-grained application behaviors but also ensure that even non-conventional or malicious tricks of loading and executing OAT/ELF binaries cannot escape our monitoring. We carefully evaluated FA3 using real-world malware. Experimental results showed that FA3 successfully analyzes sophisticated malware samples and provides a comprehensive view of their behavior.
Keywords
Android malware, Mobile security, Android applications, Fine-grained
Discipline
Information Security | Software Engineering
Research Areas
Software and Cyber-Physical Systems
Publication
HotMobile '23: Proceedings of the 24th International Workshop on Mobile Computing Systems and Applications, Newport Beach, 22-23 February
First Page
74
Last Page
80
ISBN
9798400700170
Identifier
10.1145/3572864.3580338
Publisher
ACM
City or Country
New York
Citation
LIN, Yan; WONG, Weng Onn; and GAO, Debin.
FA3: Fine-Grained Android Application Analysis. (2023). HotMobile '23: Proceedings of the 24th International Workshop on Mobile Computing Systems and Applications, Newport Beach, 22-23 February. 74-80.
Available at: https://ink.library.smu.edu.sg/sis_research/7776
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1145/3572864.3580338