Earticle

초록

영어

Android malware analysis systems examine the runtime behavior of apps in emulators for dynamic analysis. However, evasive Android malware can stop executing malicious activities to avoid detection by malware analysis systems if it finds itself executing on an emulator. Thus, it is important to investigate existing and potential techniques for detecting emulated environments. In this paper, we propose an effective technique to detect the latest Android emulators, Android Virtual Device (AVD), NoxPlayer, and BlueStacks. The proposed technique utilizes the properties of the build.prop file as well as android.os.Build class to detect the latest emulators. Experimental results show that emulators were effectively detected by checking the string values corresponding some specific properties.

목차

Abstract
I. INTRODUCTION
II. RELATED WORK
III. EMULATOR DETECTION USING THE BUILD PROPERTIES
A. Emulators and Experimental Environments
B. Comparison of an AVD and NoxPlayer
C. Comparison of an AVD and BlueStacks 5
IV. CONCOLUSION AND FUTURE WORK
REFERENCES

저자

• Jae-do Lim [ Dept. of Software Science Dankook University Yongin, Republic of Korea ]
• Il-kyu Kim [ Dept. of Computer Engineering, Dankook University Yongin, Republic of Korea ]
• Namsu Kim [ Dept. of Computer Science and Engineering Dankook University Yongin, Republic of Korea ]
• BooJoong Kang [ Dept. of Electronics and Computer Science University of Southampton Southampton, United Kingdom ] Corresponding Author
• Seong-je Cho [ Dept. of Software Science Dankook University Yongin, Republic of Korea ] Corresponding Author

참고문헌