A basic repository for Android Malware Detection Analysis
The popularity and adoption of smartphones has greatly stimulated the spread of mobile malware, especially on popular platforms such as Android. In light of their rapid growth, there is a pressing need to develop effective solutions. However, our defense capability is largely constrained by the limited understanding of this emerging mobile malware and the lack of timely access to related samples. We focus on the Android platform and aim to systematize or characterize existing Android malware. In particular, with more than a year of effort, we have managed to collect more than 1,200 malware samples that cover the majority of existing Android malware families, ranging from their debut in August 2010 to recent ones in October 2011. In addition, we systematically characterize them from various aspects, including their installation methods, activation mechanisms, and the nature of the malicious payloads they carry. The characterization and a subsequent evolution-based study of representative families reveal that they are evolving rapidly to circumvent detection by existing mobile anti-virus software. Based on an evaluation with four representative mobile security software products, our experiments show that the best case detects 79.6% of them while the worst case detects only 20.2% in our dataset. These results clearly call for the need to better develop next-generation anti-mobile-malware solutions.
User Guide
You can start the program from an IDE or from the jar (AndroidMalwareAnalysis.jar).
- Start from IDE: Build and run the source code. The directory will be installed in "projectPath"/target. This directory contains the tools necessary for execution, the malware samples and the results of the analyzed APK.
- Start from jar: Run the batch file AndroidMalwareAnalysis.bat (Windows only); otherwise, start the jar file from the command line. The AMDA_Resource directory will be copied into the same directory as the jar.
If there is any problem downloading the tools (for example, the network connection is disabled) or any problem with the DroidNative tool, use the AMDA_Resource folder located in the rar file. It contains all the tools necessary to run the program.
Info:
- Malware Path (example: the malwareFamilies directory contains a malware family). Note well: insert the path of the malwareFamilies folder, not of a specific malware family, because the tool can work with more than one malware family.
- Path of the APK to be analyzed
The .rar contains the following directories:
- Source Code (AndroidMalwareDetectionAnalysis)
- MalwareFamilies (disassembled malware)
- AMDA_Resource (all downloaded tools)
- bin (contains the jar and bat files).
[Tested only for Windows]