CopperDroid

CopperDroid represents our research effort to automatically perform out-of-the-box dynamic behavioral analysis of Android malware. To this end, CopperDroid presents a unified analysis to characterize low-level OS-specific (e.g., writing to a file) and high-level Android-specific behaviors (e.g., sending an SMS, placing a phone call). Based on the observation that such behaviors are however achieved through the invocation of system calls, CopperDroid's VMI-based dynamic system call-centric analysis is able to faithfully describe the behavior of Android malware whether it is initiated from Java, JNI or native code execution.

In addition, CopperDroid features a stimulation technique to improve code coverage, aimed at triggerring additional behaviors of interest. Our initial experiments show that a proper malware stimulation strategy (e.g., sending SMS, placing calls) successfully discloses additional behaviors on a non-negligible portion of the analyzed malware samples.


Publications

  • CopperDroid: On the Reconstruction of Android Malware Behaviors Aristide Fattori, Kimberly Tam, Salahuddin J. Khan, Alessandro Reina, and Lorenzo Cavallaro Technical Report MA-2014-01 Royal Holloway University of London, Februrary, 2014 [PDF] [BibTeX]
  • A System Call-Centric Analysis and Stimulation Technique to Automatically Reconstruct Android Malware Behaviors Alessandro Reina, Aristide Fattori, and Lorenzo Cavallaro In the Proceedings of the 6th European Workshop on Systems Security (EuroSec) Prague, Czech Republic, April 14, 2013 [PDF] [BibTeX]


CopperDroid is designed and developed by the Information Security Group (ISG) of Royal Holloway, University of London and LaSER (Network and Security Lab) of Università degli Studi di Milano.

For more information, bug reports, and whatnot you can contact us at:

GPG key here (Fingerprint: 0E79 B01A 4133 1C7D 0E46 F847 9F14 7B25 FC14 BC05)

By submitting an Android .apk sample to our system, you automatically grant us the right to use such sample for our present and future research activities.

Please note that reports are produced in the hope they will be useful, but WITHOUT any warranty about their accurateness and completeness.

Acknowledgments

We would like to thanks Lorenzo Flore and Mauro Matteo Cascella for their support to the project.