TY - GEN
T1 - Malton
T2 - 26th USENIX Security Symposium
AU - Xue, Lei
AU - Zhou, Yajin
AU - Chen, Ting
AU - Luo, Xiapu
AU - Gu, Guofei
PY - 2017/8
Y1 - 2017/8
N2 - It’s an essential step to understand malware’s behaviors for developing effective solutions. Though a number of systems have been proposed to analyze Android malware, they have been limited by incomplete view of inspection on a single layer. What’s worse, various new techniques (e.g., packing, anti-emulator, etc.) employed by the latest malware samples further make these systems ineffective. In this paper, we propose Malton, a novel on-device non-invasive analysis platform for the new Android runtime (i.e., the ART runtime). As a dynamic analysis tool, Malton runs on real mobile devices and provides a comprehensive view of malware’s behaviors by conducting multi-layer monitoring and information flow tracking, as well as efficient path exploration. We have carefully evaluated Malton using real-world malware samples. The experimental results showed that Malton is more effective than existing tools, with the capability to analyze sophisticated malware samples and provide a comprehensive view of malicious behaviors of these samples.
UR - http://www.scopus.com/inward/record.url?scp=85038906046&partnerID=8YFLogxK
M3 - Conference article published in proceeding or book
AN - SCOPUS:85038906046
T3 - Proceedings of the 26th USENIX Security Symposium
SP - 289
EP - 306
BT - Proceedings of the 26th USENIX Security Symposium
PB - USENIX Association
Y2 - 16 August 2017 through 18 August 2017
ER -