Skip to Main content Skip to Navigation
Conference papers

GroDDViewer: Dynamic Dual View of Android Malware

Abstract : Understanding an Android malware is a difficult task that requires strong skills in reverse engineering. Few tools exist except the well know IDA and Ghidra tools that are more focused on the analysis of binaries. In the Android world, understanding a malware requires to analyze the bytecode of the application, possibly obfuscated or hidden in a benign application that has been modified. At execution time, the malware can download new payloads, compromise the smartphone, and install new apps. We believe that a security analyst would appreciate to visualize and replay an execution of an Android malware. In particular, an analysis that bridges the gap between the bytecode and the events occurring during the execution would help to understand the malware behavior. In this article, we propose GroDDViewer the first tool offering a dual view of the execution of an Android malware. The first view represents the execution at operating system level through the representation of all information flow between files, processes and sockets. The second view represents what happened in the code of the application, during its execution. The benefit of this visualization tool is illustrated on a ransomware sample. In future, we plan to evaluate the tool with a panel of users on a benchmark of malware samples.
Keywords : malware visualization
Document type :
Conference papers
Complete list of metadata

Cited literature [28 references]  Display  Hide  Download
Contributor : Jean-François Lalande Connect in order to contact the contributor
Submitted on : Friday, August 7, 2020 - 3:04:54 PM
Last modification on : Friday, August 5, 2022 - 2:54:52 PM
Long-term archiving on: : Monday, November 30, 2020 - 4:25:56 PM


Files produced by the author(s)



Jean-François Lalande, Mathieu Simon, Valérie Viet Triem Tong. GroDDViewer: Dynamic Dual View of Android Malware. GraMSec 2020 - 7th Seventh International Workshop on Graphical Models for Security, Jun 2020, Virtual Conference, France. pp.127-139, ⟨10.1007/978-3-030-62230-5_7⟩. ⟨hal-02913112⟩



Record views


Files downloads