CopperDroid represents our research effort to automatically perform out-of-the-box dynamic behavioral analysis of Android malware. To this end, CopperDroid presents a unified analysis to characterize low-level OS-specific (e.g., writing to a file) and high-level Android-specific behaviors (e.g., sending an SMS, placing a phone call). Based on the observation that such behaviors are however achieved through the invocation of system calls, CopperDroid's VMI-based dynamic system call-centric analysis is able to faithfully describe the behavior of Android malware whether it is initiated from Java, JNI or native code execution.
In addition, CopperDroid features a stimulation technique to improve code coverage, aimed at triggerring additional behaviors of interest. Our initial experiments show that a proper malware stimulation strategy (e.g., sending SMS, placing calls) successfully discloses additional behaviors on a non-negligible portion of the analyzed malware samples.
For more information, bug reports, and whatnot you can contact us at:
GPG key here (Fingerprint: 0E79 B01A 4133 1C7D 0E46 F847 9F14 7B25 FC14 BC05)
By submitting an Android .apk sample to our system, you automatically grant us the right to use such sample for our present and future research activities.
Please note that reports are produced in the hope they will be useful, but WITHOUT any warranty about their accurateness and completeness.
We would like to thanks Lorenzo Flore and Mauro Matteo Cascella for their support to the project.