CopperDroid represents our initial research effort to automatically perform out-of-the-box dynamic behavioral analysis of Android malware (and apps in general). The novelty of CopperDroid lies in its agnostic approach to identify interesting OS- and high-level Android-specific behaviors. It reconstructs these behaviors by observing and dissecting system calls and, therefore, is resistant to the multitude of alterations the Android runtime is subjected to over its life-cycle. CopperDroid automatically and accurately reconstructs events of interest that describe not only well-known process-OS interactions (e.g., file and process creation), but also complex intra- and inter-process communications (e.g., SMS reception), whose semantics are typically contextualized through complex Android objects. Because CopperDroid's reconstruction mechanisms are agnostic to the underlying action invocation methods, it is able to capture actions initiated both from Java and native code execution. CopperDroid's analysis generates detailed behavioral profiles that abstract a large stream of low-level—often uninteresting—events into concise, high-level semantics, which are well-suited to provide insightful behavioral traits and open the possibility to further research directions. We carried out an extensive evaluation to assess the capabilities and performance of CopperDroid on more than 2,900 Android malware samples. Our experiments show that CopperDroid faithfully reconstructs OS- and Android-specific behaviors. Additionally, we demonstrate how CopperDroid can be leveraged to disclose additional behaviors through the use of a simple, yet effective, app stimulation technique. Using this technique, we successfully triggered and disclosed additional behaviors on more than 60% of the analyzed malware samples. This qualitatively demonstrates the versatility of CopperDroid's ability to improve dynamic-based code coverage.
For more information, bug reports, and whatnot you can contact us at:
GPG key here (Fingerprint: 0E79 B01A 4133 1C7D 0E46 F847 9F14 7B25 FC14 BC05)
By submitting an Android .apk sample to our system, you automatically grant us the right to use such sample for our present and future research activities.
Please note that reports are produced in the hope they will be useful, but WITHOUT any warranty about their accurateness and completeness.
We would like to thank Lorenzo Flore and Mauro Matteo Cascella for their support to the project.