Andlantis: Large-scale Android Dynamic Analysis
Michael Bierma, Eric Gustafson, Jeremy Erickson, David Fritz, Yung Ryn Choe

TL;DR
Andlantis is a scalable dynamic analysis system that efficiently processes thousands of Android apps per hour, aiding malware detection and forensic analysis by collecting detailed behavioral data.
Contribution
The paper introduces Andlantis, a novel system capable of large-scale dynamic analysis of Android applications with high throughput and valuable forensic data collection.
Findings
Processed over 3000 apps per hour
Analyzed 1261 malware samples
Collected forensic data for malware understanding
Abstract
Analyzing Android applications for malicious behavior is an important area of research, and is made difficult, in part, by the increasingly large number of applications available for the platform. While techniques exist to perform static analysis on a large number of applications, dynamic analysis techniques are relatively limited in scale due to the computational resources required to emulate the full Android system to achieve accurate execution. We present Andlantis, a scalable dynamic analysis system capable of processing over 3000 Android applications per hour. During this processing, the system is able to collect valuable forensic data, which helps reverse-engineers and malware researchers identify and understand anomalous application behavior. We discuss the results of running 1261 malware samples through the system, and provide examples of malware analysis performed with the…
Taxonomy
Topics: Mobile and Web Applications
