IIT Home Page CNR Home Page

VizMal: A Visualization Tool for Analyzing the Behavior of Android Malware

Malware signature extraction is currently a manual and a time-consuming process. As a matter of fact, security analysts have to manually inspect samples under analysis in order to find the malicious behavior. From research side, current literature is lacking of methods focused on the malicious behavior localization: designed approaches basically mark an entire application as malware or non-malware (i.e., take a binary decision) without knowledge about the malicious behavior localization inside the analysed sample. In this paper, with the twofold aim of assisting the malware analyst in the inspection process and of pushing the research community in malicious behavior localization, we propose VizMal, a tool for visualizing the dynamic trace of an Android application which highlights the portions of the application which look potentially malicious. VizMal performs a detailed analysis of the application activities showing for each second of the execution whether the behavior exhibited is legitimate or malicious. The analyst may hence visualize at a glance when at to which degree an application execution looks malicious.

2st International Workshop on FORmal methods for Security Engineering (ForSE 2018), in conjunction with the 4rd International Conference on Information Systems Security and Privacy (ICISSP 2018), Funchal, Portugal, 2018

External authors: Alessandro Bacci (Dipartimento di Ingegneria e Architettura, Università degli Studi di Trieste), Eric Medvet (Dipartimento di Ingegneria e Architettura, Università degli Studi di Trieste)
IIT authors:

Type: Contributo in atti di convegno
Field of reference: Computer Science & Engineering

File: 2017_ICISSP_VisualizingAndroidMalwareBehavior (1).pdf

Activity: Sicurezza di dispositivi mobili