Warning: pg_query(): Query failed: ERROR: missing chunk number 0 for toast value 29512337 in pg_toast_2619 in /dati/webiit-old/includes/database.pgsql.inc on line 138 Warning: ERROR: missing chunk number 0 for toast value 29512337 in pg_toast_2619 query: SELECT data, created, headers, expire, serialized FROM cache_page WHERE cid = 'https://www-old.iit.cnr.it/en/node/59605' in /dati/webiit-old/includes/database.pgsql.inc on line 159 Warning: pg_query(): Query failed: ERROR: missing chunk number 0 for toast value 29512337 in pg_toast_2619 in /dati/webiit-old/includes/database.pgsql.inc on line 138 Warning: ERROR: missing chunk number 0 for toast value 29512337 in pg_toast_2619 query: SELECT data, created, headers, expire, serialized FROM cache_page WHERE cid = 'https://www-old.iit.cnr.it/en/node/59605' in /dati/webiit-old/includes/database.pgsql.inc on line 159 Visualizing the outcome of dynamic analysis of Android malware with VizMal | IIT - CNR - Istituto di Informatica e Telematica
IIT Home Page CNR Home Page

Visualizing the outcome of dynamic analysis of Android malware with VizMal

Malware detection techniques based on signature extraction require security analysts to manually inspect samples to find evidences of malicious behavior. This time-consuming task received little attention by researchers and practitioners, as most of the effort is on the identification as malware or non-malware of an entire sample. There are no tools for supporting the analyst in identifying when the malicious behavior occurs, given a sample. In this paper we propose VizMal, a tool able to visualize the execution traces of Android applications and to highlight which portions of the traces correspond to a potentially malicious behavior. The aim of VizMal is twofold: assisting the malware analyst during the inspection of an application and pushing the research community to organize and focus its effort on the malicious behavior localization. VizMal is able to discern if the application behavior during each second of execution are legitimate or malicious and to show this information in a simple and understandable way. We validate VizMal experimentally and by means of a user study: the results are promising and confirm that the tool can be useful.

Journal of Information Security and Applications, 2020

External authors: Andrea De Lorenzo (Università degli Studi di Trieste, Trieste), Eric Medvet (Università degli Studi di Trieste, Trieste), Antonella Santone (Università degli Studi del Molise, Campobasso)
IIT authors:

Type: Contributo in rivista non ISI
Field of reference: Computer Science & Engineering

File: 2019_JISA_VisualizingAndroidMalware.pdf

Activity: Sicurezza di dispositivi mobili