Analyzing Android applications for malicious behavior is an important area of research, and is made difficult, in part, by the increasingly large number of applications available for the platform. While techniques exist to perform static analysis on a large number of applications, dynamic analysis techniques are relatively limited in scale due to the computational resources required to emulate the full Android system to achieve accurate execution. We present Andlantis, a scalable dynamic analysis system capable of processing over 3000 Android applications per hour. During this processing, the system is able to collect valuable forensic data, which helps reverse-engineers and malware researchers identify and understand anomalous application behavior. We discuss the results of running 1261 malware samples through the system, and provide examples of malware analysis performed with the resulting data.
@article{arxiv.1410.7751,
title = {Andlantis: Large-scale Android Dynamic Analysis},
author = {Michael Bierma and Eric Gustafson and Jeremy Erickson and David Fritz and Yung Ryn Choe},
journal= {arXiv preprint arXiv:1410.7751},
year = {2014}
}
Comments
In Proceedings of the Third Workshop on Mobile Security Technologies (MoST) 2014 (http://arxiv.org/abs/1410.6674)