Visible to the public HyDroid: A Hybrid Approach for Generating API Call Traces from Obfuscated Android Applications for Mobile Security

TitleHyDroid: A Hybrid Approach for Generating API Call Traces from Obfuscated Android Applications for Mobile Security
Publication TypeConference Paper
Year of Publication2017
AuthorsKhanmohammadi, K., Hamou-Lhadj, A.
Conference Name2017 IEEE International Conference on Software Quality, Reliability and Security (QRS)
Date Publishedjul
ISBN Number978-1-5386-0592-9
KeywordsAndroid (operating system), Android API, Android API call traces, Android applications, Androids, API call trace generation, APIs, application program interfaces, application services, compositionality, dynamic analysis, Humanoid robots, hybrid approach, HyDroid, Java, Malware, mobile computing, mobile security, obfuscated Android applications, program diagnostics, pubcrawl, reflection, Registers, Repackaging, resilience, Resiliency, security, security of data, security threats, source code, static analysis, Static and Dynamic Analysis of Apps

The growing popularity of Android applications makes them vulnerable to security threats. There exist several studies that focus on the analysis of the behaviour of Android applications to detect the repackaged and malicious ones. These techniques use a variety of features to model the application's behaviour, among which the calls to Android API, made by the application components, are shown to be the most reliable. To generate the APIs that an application calls is not an easy task. This is because most malicious applications are obfuscated and do not come with the source code. This makes the problem of identifying the API methods invoked by an application an interesting research issue. In this paper, we present HyDroid, a hybrid approach that combines static and dynamic analysis to generate API call traces from the execution of an application's services. We focus on services because they contain key characteristics that allure attackers to misuse them. We show that HyDroid can be used to extract API call trace signatures of several malware families.

Citation Keykhanmohammadi_hydroid:_2017