Security Toolbox for Detecting Novel and Sophisticated Android Malware
Benjamin Holland, Tom Deering, Suresh Kothari, Jon Mathews, Nikhil Ranade

TL;DR
This paper introduces a Security Toolbox built on the Atlas platform for detecting novel and sophisticated Android malware, leveraging human-in-the-loop analysis to enhance detection capabilities against advanced threats.
Contribution
It presents a new malware detection approach combining program analysis and human-in-the-loop techniques within a comprehensive Security Toolbox for Android apps.
Findings
Effective detection of novel Android malware demonstrated
Integration of human-in-the-loop improves detection accuracy
Toolbox supports comprehensive Android app auditing
Abstract
This paper presents a demo of our Security Toolbox to detect novel malware in Android apps. This Toolbox is developed through our recent research project funded by the DARPA Automated Program Analysis for Cybersecurity (APAC) project. The adversarial challenge ("Red") teams in the DARPA APAC program are tasked with designing sophisticated malware to test the bounds of malware detection technology being developed by the research and development ("Blue") teams. Our research group, a Blue team in the DARPA APAC program, proposed a "human-in-the-loop program analysis" approach to detect malware given the source or Java bytecode for an Android app. Our malware detection apparatus consists of two components: a general-purpose program analysis platform called Atlas, and a Security Toolbox built on the Atlas platform. This paper describes the major design goals, the Toolbox components to…
Taxonomy
Topics: Advanced Malware Detection Techniques · Network Security and Intrusion Detection · Software Testing and Debugging Techniques
