Kharon dataset: Android malware under a microscope

Nicolas Kiss 1 Jean-François Lalande 2 Mourad Leslous 1 Valérie Viet Triem Tong 1
1 CIDRE - Confidentialité, Intégrité, Disponibilité et Répartition
IRISA-D1 - SYSTÈMES LARGE ÉCHELLE, Inria Rennes – Bretagne Atlantique , CentraleSupélec
2 LIFO - Laboratoire d'Informatique Fondamentale d'Orléans
Abstract : This study is related to the understanding of Android malware that now populate smartphone's markets. Our main objective is to help other malware researchers to better understand how malware works. Additionally, we aim at supporting the reproducibility of experiments analyzing malware samples: such a collection should improve the comparison of new detection or analysis methods. In order to achieve these goals, we describe here an Android malware collection called Kharon. This collection gives as much as possible a representation of the diversity of malware types. With such a dataset, we manually dissected each malware by reversing their code. We run them in a controlled and monitored real smartphone in order to extract their precise behavior. We also summarized their behavior using a graph representations of the information flows induced by an execution. With such a process, we obtained a precise knowledge of their malicious code and actions. As a result, researchers can figure out the engineering efforts of malware developers and understand their programming patterns. Another important result of this study is that most of malware now include triggering techniques that delay and hide their malicious activities. We also think that this collection can initiate a reference test set for future research works.
Document type :
Conference papers
Complete list of metadatas

Cited literature [9 references]  Display  Hide  Download
https://hal-centralesupelec.archives-ouvertes.fr/hal-01311917
Contributor : Jean-François Lalande <>
Submitted on : Friday, June 24, 2016 - 3:38:52 PM
Last modification on : Wednesday, November 13, 2019 - 1:42:20 AM
Long-term archiving on: Sunday, September 25, 2016 - 11:39:18 AM

Files

laser-kharon.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-01311917, version 1

Collections

CNRS | UNIV-ORLEANS | INSTITUT-TELECOM | UNIV-RENNES1 | INRIA | IRISA | SUP_CIDRE | CENTRALESUPELEC | UR1-UFR-ISTIC | UNIV-RENNES | INSA-GROUPE | IRISA-D1 | INSA-CVL

Citation

Nicolas Kiss, Jean-François Lalande, Mourad Leslous, Valérie Viet Triem Tong. Kharon dataset: Android malware under a microscope. The Learning from Authoritative Security Experiment Results (LASER) workshop, May 2016, San Jose, United States. pp.1-12. ⟨hal-01311917⟩

Export

BibTeX TEI DC DCterms EndNote

Share

Metrics

Record views

1467

Files downloads

1032

Contact

Informations

CCSD