Blogs (9) >>
Sun 30 October - Fri 4 November 2016 Amsterdam, Netherlands
Tue 1 Nov 2016 11:36 - 12:10 at Winterthur - Session 2 Chair(s): Michael Pradel, Omer Tripp

Android applications, or apps, provide useful features to end-users, but many apps also contain malicious behavior. Modern malware makes understanding such behavior challenging by behaving maliciously only under particular conditions. For example, a malware app may check whether it runs on a real device and not an emulator, in a particular country, and alongside a specific target app, such as a vulnerable banking app. To observe the malicious behavior, an analyst must find out and emulate all these app-specific constraints. In this talk, we will present FuzzDroid, a framework for automatically generating an Android execution environment where an app exposes its malicious behavior. The key idea is to combine an extensible set of static and dynamic analyses through a search-based algorithm that steers the app toward a configurable target location. On recent malware, the approach reaches the target location in 75% of the apps. In total, we reach 240 code locations within an average time of only one minute. To reach these code locations, FuzzDroid generates 106 different environments, too many for a human analyst to create manually.

Tue 1 Nov
Times are displayed in time zone: (GMT+02:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change

10:30 - 12:10: WODA - Session 2 at Winterthur
Chair(s): Michael PradelTU Darmstadt, Germany, Omer TrippIBM Research, USA
woda201610:30 - 11:03
Alessandra GorlaIMDEA Software Institute
woda201611:03 - 11:36
Ben LivshitsMicrosoft Research
woda201611:36 - 12:10
Steven ArztTU Darmstadt, Germany