
GroDDViewer: Dynamic Dual View of Android Malware

Abstract: Understanding an Android malware is a difficult task that requires strong skills in reverse engineering. Few tools exist except the well-known IDA and Ghidra tools, which are more focused on the analysis of binaries. In the Android world, understanding a malware requires analyzing the bytecode of the application, possibly obfuscated or hidden in a benign application that has been modified. At execution time, the malware can download new payloads, compromise the smartphone, and install new apps. We believe that a security analyst would appreciate being able to visualize and replay an execution of an Android malware. In particular, an analysis that bridges the gap between the bytecode and the events occurring during the execution would help to understand the malware behavior. In this article, we propose GroDDViewer, the first tool offering a dual view of the execution of an Android malware. The first view represents the execution at operating system level through the representation of all information flows between files, processes and sockets. The second view represents what happened in the code of the application during its execution. The benefit of this visualization tool is illustrated on a ransomware sample. In the future, we plan to evaluate the tool with a panel of users on a benchmark of malware samples.
Keywords : visualization malware
Document type: Conference papers

Cited literature [28 references]

https://hal-centralesupelec.archives-ouvertes.fr/hal-02913112
Contributor : Jean-François Lalande
Submitted on : Friday, August 7, 2020 - 3:04:54 PM
Last modification on : Thursday, September 3, 2020 - 2:15:06 PM

File

camera-gramsec.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-02913112, version 1

Citation

Jean-François Lalande, Mathieu Simon, Valérie Viet Triem Tong. GroDDViewer: Dynamic Dual View of Android Malware. GraMSec 2020 - 7th International Workshop on Graphical Models for Security, Jun 2020, Virtual Conference, France. pp.1-13. ⟨hal-02913112⟩
