Andro-Dumpsys: Anti-Malware System Based on the Similarity of Malware Creator and Malware Centric Information 


1.  Introduction 

Andro-Dumpsys is an anti-malware system based on similarity matching of malware-centric and malware creator-centric information. Our system runs a target application on an emulator and acquires its odex bytecode (the device-optimized dex code that the runtime loads into memory) through volatile memory acquisition. Because the dump is taken while the application runs (dynamic analysis), it captures the code as actually executed, which lets the system cope with obfuscation, packing, and dynamic loading techniques that defeat static analysis of the APK alone. Our system then parses meaningful and relevant code patterns from the odex file and creates a profile of each application. In particular, to grasp the intent of the malware creator, we leverage footprints including the serial number of the signing certificate, operation codes (opcodes) in the odex file, and meta-data in AndroidManifest.xml as feature vectors for malware characterization. By comparing the profiles, our system detects malware samples and classifies them into related families.
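
As an added illustration (not code from the paper or from the Andro-Dumpsys tool itself), the following Python sketch shows the profile-and-match idea described above: a profile is built from the three footprints (certificate serial number, opcode frequencies from the dumped odex, and permissions from AndroidManifest.xml) and a sample is assigned to the nearest known family by a weighted similarity. The profiles, opcode lists, permission sets, feature weights, similarity functions and the 0.6 threshold are all constructed assumptions for the example; the paper's own weighting and scoring are not reproduced here. In practice the opcode list would come from disassembling the memory-dumped odex and the permissions from parsing the manifest.

```python
"""Toy profile-and-match pipeline in the spirit of Andro-Dumpsys.

All sample data, weights and thresholds below are constructed for illustration;
they are assumptions, not values taken from the paper.
"""
import math
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Profile:
    name: str
    family: str          # "benign" or a malware family label
    cert_serial: str     # serial number of the signing certificate (creator-centric)
    opcodes: tuple       # opcode mnemonics recovered from the dumped odex (malware-centric)
    permissions: frozenset  # <uses-permission> names from AndroidManifest.xml


def opcode_histogram(opcodes):
    """Normalised frequency of each opcode mnemonic (order-independent)."""
    counts = Counter(opcodes)
    total = sum(counts.values())
    return {op: n / total for op, n in counts.items()} if total else {}


def cosine(a, b):
    """Cosine similarity of two sparse frequency vectors given as dicts."""
    dot = sum(a[k] * b.get(k, 0.0) for k in a)
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def jaccard(a, b):
    """Set overlap for manifest permissions; two empty sets count as identical."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


# Assumed weights (equal thirds); the paper's actual weighting is not reproduced.
WEIGHTS = {"cert": 1 / 3, "opcode": 1 / 3, "manifest": 1 / 3}


def similarity(p, q):
    """Weighted combination of the three footprint similarities, in [0, 1]."""
    cert = 1.0 if p.cert_serial == q.cert_serial else 0.0
    ops = cosine(opcode_histogram(p.opcodes), opcode_histogram(q.opcodes))
    man = jaccard(p.permissions, q.permissions)
    return WEIGHTS["cert"] * cert + WEIGHTS["opcode"] * ops + WEIGHTS["manifest"] * man


def classify(sample, known, threshold=0.6):
    """Nearest-neighbour family assignment; 'unknown' if nothing is close enough."""
    best = max(known, key=lambda k: similarity(sample, k))
    score = similarity(sample, best)
    return (best.family if score >= threshold else "unknown"), round(score, 3)


# Constructed reference profiles (hypothetical families, serials and opcode streams).
KNOWN = (
    Profile("fam_a_1", "FamilyA", "0x4d2e",
            ("invoke-virtual", "move-result-object", "const-string",
             "invoke-virtual", "sget-object", "invoke-static"),
            frozenset({"SEND_SMS", "READ_PHONE_STATE", "INTERNET"})),
    Profile("fam_b_1", "FamilyB", "0x9f10",
            ("new-instance", "invoke-direct", "iput-object",
             "const/4", "if-eqz", "return-void"),
            frozenset({"RECEIVE_BOOT_COMPLETED", "INTERNET", "WRITE_EXTERNAL_STORAGE"})),
    Profile("benign_1", "benign", "0x0101",
            ("const/4", "return-void", "invoke-super", "iget-object"),
            frozenset({"INTERNET"})),
)

# Constructed unknown samples: one re-signed with FamilyA's certificate and a
# near-identical opcode mix, one that shares nothing with the reference set.
SAMPLE_A = Profile("sample_a", "?", "0x4d2e",
                   ("invoke-virtual", "const-string", "invoke-virtual",
                    "move-result-object", "invoke-static", "sget-object", "const-string"),
                   frozenset({"SEND_SMS", "READ_PHONE_STATE", "INTERNET", "RECEIVE_SMS"}))
SAMPLE_UNKNOWN = Profile("sample_x", "?", "0xffff",
                         ("nop", "goto", "packed-switch"), frozenset({"CAMERA"}))

if __name__ == "__main__":
    for s in (SAMPLE_A, SAMPLE_UNKNOWN):
        print(s.name, "->", classify(s, KNOWN))
```

The certificate serial is the strongest single signal in this sketch because a creator who reuses a signing key across variants ties them together regardless of how the code is repacked; the opcode histogram is deliberately order-independent so that reordered or padded methods still match, and the threshold keeps an unrelated app from being forced into the nearest family.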

 

2.  Publication

Jae-wook Jang, Hyunjae Kang, Jiyoung Woo, Aziz Mohaisen, Huy Kang Kim, Andro-Dumpsys: Anti-malware system based on the similarity of malware creator and malware centric information, Computers & Security, Volume 58, May 2016, Pages 125-138, ISSN 0167-4048, http://dx.doi.org/10.1016/j.cose.2015.12.005.

(http://www.sciencedirect.com/science/article/pii/S016740481600002X)

 

3.  Dataset Release

For academic purposes, we are happy to release our dataset. However, to avoid indiscriminate distribution of mobile malware, the archive is password-protected. Please send your request from your official (institutional) email account. If you use our dataset in your experiments, please cite our paper.



4.  Acknowledgement

Andro-Dumpsys is developed by the Hacking and Countermeasure Research Lab in the Graduate School of Information Security at Korea University.

Please contact Huy Kang Kim (cenda at korea.ac.kr) if you have any questions.


result_malware_description_906_150126.csv