Kharon dataset: Android malware under a microscope

Nicolas Kiss 1 Jean-François Lalande 2 Mourad Leslous 1 Valérie Viet Triem Tong 1
1 CIDRE - Confidentialité, Intégrité, Disponibilité et Répartition
IRISA-D1 - SYSTÈMES LARGE ÉCHELLE, Inria Rennes – Bretagne Atlantique , CentraleSupélec
2 LIFO - Laboratoire d'Informatique Fondamentale d'Orléans
Abstract : This study is related to the understanding of Android malware that now populate smartphone's markets. Our main objective is to help other malware researchers to better understand how malware works. Additionally, we aim at supporting the reproducibility of experiments analyzing malware samples: such a collection should improve the comparison of new detection or analysis methods. In order to achieve these goals, we describe here an Android malware collection called Kharon. This collection gives as much as possible a representation of the diversity of malware types. With such a dataset, we manually dissected each malware by reversing their code. We run them in a controlled and monitored real smartphone in order to extract their precise behavior. We also summarized their behavior using a graph representations of the information flows induced by an execution. With such a process, we obtained a precise knowledge of their malicious code and actions. As a result, researchers can figure out the engineering efforts of malware developers and understand their programming patterns. Another important result of this study is that most of malware now include triggering techniques that delay and hide their malicious activities. We also think that this collection can initiate a reference test set for future research works.
Type de document :
Communication dans un congrès
The Learning from Authoritative Security Experiment Results (LASER) workshop, May 2016, San Jose, United States. USENIX Association, Proceedings of the Learning from Authoritative Security Experiment Results (LASER) 2016, pp.1-12
Liste complète des métadonnées

Littérature citée [9 références]  Voir  Masquer  Télécharger
https://hal-centralesupelec.archives-ouvertes.fr/hal-01311917
Contributeur : Jean-François Lalande <>
Soumis le : vendredi 24 juin 2016 - 15:38:52
Dernière modification le : vendredi 15 juin 2018 - 16:18:01
Document(s) archivé(s) le : dimanche 25 septembre 2016 - 11:39:18

Fichiers

laser-kharon.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

  • HAL Id : hal-01311917, version 1

Collections

UNIV-ORLEANS | INRIA | IRISA | SUP_CIDRE | CENTRALESUPELEC | UR1-UFR-ISTIC | UNIV-PARIS-SACLAY | UNIV-RENNES

Citation

Nicolas Kiss, Jean-François Lalande, Mourad Leslous, Valérie Viet Triem Tong. Kharon dataset: Android malware under a microscope. The Learning from Authoritative Security Experiment Results (LASER) workshop, May 2016, San Jose, United States. USENIX Association, Proceedings of the Learning from Authoritative Security Experiment Results (LASER) 2016, pp.1-12. 〈hal-01311917〉

Exporter

BibTeX TEI DC DCterms EndNote

Partager

Métriques

Consultations de la notice

898

Téléchargements de fichiers

614

Contact

support.ccsd.cnrs.fr
hal.support@ccsd.cnrs.fr
Logo CCSD