Malton: Towards on-device non-invasive mobile malware analysis for ART

Lei Xue, Yajin Zhou, Ting Chen, Xiapu Luo, Guofei Gu

Research output: Chapter in book / Conference proceedingConference article published in proceeding or bookAcademic researchpeer-review

71 Citations (Scopus)

Abstract

It’s an essential step to understand malware’s behaviors for developing effective solutions. Though a number of systems have been proposed to analyze Android malware, they have been limited by incomplete view of inspection on a single layer. What’s worse, various new techniques (e.g., packing, anti-emulator, etc.) employed by the latest malware samples further make these systems ineffective. In this paper, we propose Malton, a novel on-device non-invasive analysis platform for the new Android runtime (i.e., the ART runtime). As a dynamic analysis tool, Malton runs on real mobile devices and provides a comprehensive view of malware’s behaviors by conducting multi-layer monitoring and information flow tracking, as well as efficient path exploration. We have carefully evaluated Malton using real-world malware samples. The experimental results showed that Malton is more effective than existing tools, with the capability to analyze sophisticated malware samples and provide a comprehensive view of malicious behaviors of these samples.

Original languageEnglish
Title of host publicationProceedings of the 26th USENIX Security Symposium
PublisherUSENIX Association
Pages289-306
Number of pages18
ISBN (Electronic)9781931971409
Publication statusPublished - Aug 2017
Event26th USENIX Security Symposium - Vancouver, Canada
Duration: 16 Aug 201718 Aug 2017

Publication series

NameProceedings of the 26th USENIX Security Symposium

Conference

Conference26th USENIX Security Symposium
Country/TerritoryCanada
CityVancouver
Period16/08/1718/08/17

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'Malton: Towards on-device non-invasive mobile malware analysis for ART'. Together they form a unique fingerprint.

Cite this