
CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes

  • Conference paper
  • Financial Cryptography and Data Security (FC 2016)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9603)

Abstract

Mobile computing has experienced enormous growth in market share and computational power in recent years. As a result, mobile malware is becoming more sophisticated and more prevalent, leading to research into dynamic sandboxes as a widespread approach for detecting malicious applications. However, because Android applications are event-driven, a sandbox must be able to automatically generate deterministic and intelligent user interactions in order to drive analysis subjects and improve code coverage. In this paper, we present CuriousDroid, an automated system for exercising Android application user interfaces in an intelligent, user-like manner. CuriousDroid operates by decomposing application user interfaces on-the-fly and creating a context-based model for interactions that is tailored to the current user layout. We integrated CuriousDroid with Andrubis, a well-known Android sandbox, and conducted a large-scale evaluation of 38,872 applications taken from different data sets. Our evaluation demonstrates significant improvements in both end-to-end sample classification and in the raw number of behaviors elicited at runtime.



Acknowledgements

This material is based upon work supported by the National Science Foundation under Grant No. CNS-1409738. The research leading to these results has received funding from the FFG – Austrian Research Promotion under grant COMET K1 and has been carried out within the scope of u’smile, the Josef Ressel Center for User-Friendly Secure Mobile Environments.

Corresponding author

Correspondence to Patrick Carter.


Copyright information

© 2017 International Financial Cryptography Association

Cite this paper

Carter, P., Mulliner, C., Lindorfer, M., Robertson, W., Kirda, E. (2017). CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes. In: Grossklags, J., Preneel, B. (eds) Financial Cryptography and Data Security. FC 2016. Lecture Notes in Computer Science, vol 9603. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-54970-4_13

  • DOI: https://doi.org/10.1007/978-3-662-54970-4_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-54969-8

  • Online ISBN: 978-3-662-54970-4

  • eBook Packages: Computer Science, Computer Science (R0)