ANANAS - A Framework for Analyzing Android Applications

Author

Eder, Thomas ; Rodler, M. ; Vymazal, Dieter ; Zeilinger, Melanie

Author_Institution

Dept. Secure Inf. Syst., Univ. of Appl. Sci. Upper Austria, Steyr, Austria

fYear

2013

fDate

2-6 Sept. 2013

Firstpage

711

Lastpage

719

Abstract

Android is an open software platform for mobile devices with a large market share in the smart phone sector. The openness of the system as well as its wide adoption lead to an increasing amount of malware developed for this platform. ANANAS is an expandable and modular framework for analyzing Android applications. It takes care of common needs for dynamic malware analysis and provides an interface for the development of plugins. Adaptability and expandability have been main design goals during the development process. An abstraction layer for simple user interaction and phone event simulation is also part of the framework. It allows an analyst to script the required user simulation or phone events on demand or adjust the simulation to his needs. Six plugins have been developed for ANANAS. They represent well known techniques for malware analysis, such as system call hooking and network traffic analysis. The focus clearly lies on dynamic analysis, as five of the six plugins are dynamic analysis methods.

Keywords

invasive software; mobile computing; operating systems (computers); public domain software; ANANAS; Android applications; abstraction layer; dynamic malware analysis; network traffic analysis; open software platform; phone event simulation; simple user interaction; system call hooking; Androids; Databases; Humanoid robots; Malware; Registers; Smart phones; Android malware; Smartphone security; automated malware analysis;

fLanguage

English

Publisher

ieee

Conference_Titel

Availability, Reliability and Security (ARES), 2013 Eighth International Conference on

Conference_Location

Regensburg

Type

conf

DOI

10.1109/ARES.2013.93

Filename

6657309