Research Article
Defining and Detecting Environment Discrimination in Android Apps
@INPROCEEDINGS{10.1007/978-3-319-78813-5_26, author={Yunfeng Hong and Yongjian Hu and Chun-Ming Lai and S. Felix Wu and Iulian Neamtiu and Patrick McDaniel and Paul Yu and Hasan Cam and Gail-Joon Ahn}, title={Defining and Detecting Environment Discrimination in Android Apps}, proceedings={Security and Privacy in Communication Networks. 13th International Conference, SecureComm 2017, Niagara Falls, ON, Canada, October 22--25, 2017, Proceedings}, proceedings_a={SECURECOMM}, year={2018}, month={4}, keywords={Android Malware detection Environment discrimination}, doi={10.1007/978-3-319-78813-5_26} }
- Yunfeng Hong
Yongjian Hu
Chun-Ming Lai
S. Felix Wu
Iulian Neamtiu
Patrick McDaniel
Paul Yu
Hasan Cam
Gail-Joon Ahn
Year: 2018
Defining and Detecting Environment Discrimination in Android Apps
SECURECOMM
Springer
DOI: 10.1007/978-3-319-78813-5_26
Abstract
Environment discrimination—a program behaving differently on different platforms—is used in many contexts. For example, malware can use environment discrimination to thwart detection attempts: as malware detectors employ automated dynamic analysis while running the potentially malicious program in a virtualized environment, the malware author can make the program virtual environment-aware so the malware turns off the nefarious behavior when it is running in a virtualized environment. Therefore, an approach for detecting environment discrimination can help security researchers and practitioners better understand the behavior of, and consequently counter, malware. In this paper we formally define environment discrimination, and propose an approach based on abstract traces and symbolic execution to detect discrimination in Android apps. Furthermore, our approach discovers what API calls expose the environment information to malware, which is a valuable reference for virtualization developers to improve their products. We also apply our approach to the real malware and third-party-researcher designed benchmark apps. The result shows that the algorithm and framework we proposed achieves 97% accuracy.