TraceDroid: Dynamic Malware Analysis for Android
TraceDroid is a modified Android OS that generates comprehensive method traces for a given Android application. Dalvik, Android's virtual machine, already ships with a method-tracing profiler; TraceDroid modifies that profiler and automates it so that a full trace of an application can be collected for malware analysis without manual intervention. Most of the work involved modifying the existing dvmMethodTraceAdd() function in Profile.c, which the VM calls each time a method is entered or left.

The TraceDroid Analysis Platform (TAP) is a framework that uses TraceDroid to perform dynamic analysis of unknown Android applications. TAP aims to maximize the observed malware behavior by simulating certain events, and it includes a number of plug-ins to ease post-analysis of unknown applications and to measure the effectiveness of the executed dynamic analysis. TraceDroid is now public - please give it a try!
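As an added illustration (not TraceDroid's or Dalvik's source), the following C program models the hook described above: the VM invokes one function with an "enter" or "exit" action at every method boundary, and the hook turns that event stream into an indented call trace of the kind a dynamic analysis wants to read. The enum values, struct names, the sample method sequence and the output format are all assumptions made for this example; a single-threaded tracer is used where the real VM keeps per-thread state.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration, not TraceDroid or Dalvik source. Mirrors the shape of the
 * Dalvik profiler hook: one call per method entry and one per exit. All names
 * here are assumptions for the example. */

enum { TRACE_ENTER = 0, TRACE_EXIT = 1 };

typedef struct {
    const char *clazz;   /* JNI-style descriptor, e.g. "Landroid/telephony/SmsManager;" */
    const char *name;    /* method name, e.g. "sendTextMessage" */
} Method;

#define TRACE_BUF 4096

typedef struct {
    int depth;                 /* current call depth (single thread in this model) */
    int max_depth;             /* deepest nesting seen */
    unsigned long calls;       /* number of ENTER events */
    int unbalanced_exits;      /* EXIT seen at depth 0, e.g. tracing enabled mid-call */
    int truncated;             /* output buffer filled; later lines were dropped */
    size_t len;
    char out[TRACE_BUF];
} Tracer;

static void tracer_init(Tracer *t) { memset(t, 0, sizeof *t); }

/* Append one line; never overrun the fixed buffer, just flag truncation. */
static void emit(Tracer *t, const char *s) {
    size_t n = strlen(s);
    if (t->len + n >= sizeof t->out) { t->truncated = 1; return; }
    memcpy(t->out + t->len, s, n + 1);
    t->len += n;
}

/* Model of dvmMethodTraceAdd(): called once on entry and once on exit.
 * In a real VM, exception unwinding must also report an exit for every frame
 * it pops, otherwise the depth counter drifts; the demo below uses balanced
 * calls plus one deliberately stray exit to show the guard. */
static void method_trace_add(Tracer *t, const Method *m, int action) {
    char line[512];
    if (action == TRACE_ENTER) {
        snprintf(line, sizeof line, "%*s-> %s.%s\n", 2 * t->depth, "", m->clazz, m->name);
        emit(t, line);
        t->calls++;
        t->depth++;
        if (t->depth > t->max_depth) t->max_depth = t->depth;
    } else if (action == TRACE_EXIT) {
        if (t->depth == 0) { t->unbalanced_exits++; return; }  /* never underflow */
        t->depth--;
        snprintf(line, sizeof line, "%*s<- %s.%s\n", 2 * t->depth, "", m->clazz, m->name);
        emit(t, line);
    }
}

/* Constructed sample: an Activity callback that reads the device ID and sends
 * an SMS, followed by one exit that has no matching entry. */
static void run_demo(Tracer *t) {
    static const Method on_create = { "Lcom/example/app/MainActivity;", "onCreate" };
    static const Method imei      = { "Landroid/telephony/TelephonyManager;", "getDeviceId" };
    static const Method sms       = { "Landroid/telephony/SmsManager;", "sendTextMessage" };
    static const Method stray     = { "Lcom/example/app/Other;", "run" };

    tracer_init(t);
    method_trace_add(t, &on_create, TRACE_ENTER);
    method_trace_add(t, &imei, TRACE_ENTER);
    method_trace_add(t, &imei, TRACE_EXIT);
    method_trace_add(t, &sms, TRACE_ENTER);
    method_trace_add(t, &sms, TRACE_EXIT);
    method_trace_add(t, &on_create, TRACE_EXIT);
    method_trace_add(t, &stray, TRACE_EXIT);
}

int main(void) {
    Tracer t;
    run_demo(&t);
    fputs(t.out, stdout);
    printf("calls=%lu max_depth=%d unbalanced_exits=%d\n",
           t.calls, t.max_depth, t.unbalanced_exits);
    return 0;
}
```

The indentation makes caller/callee relationships visible without any post-processing, which is what lets a trace be skimmed for sensitive API calls (here the IMEI read and the SMS send) inside a given callback. The depth guard and the truncation flag are the two checks worth keeping in any hook like this: an unbalanced exit is a sign that tracing started mid-call or that an unwind path bypassed the hook, and silently dropping lines would hide exactly the behavior the analysis is trying to observe.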