Home
Welcome to the BareDroid wiki!
BareDroid is a scalable bare-metal malware-analysis platform for Android devices, the first infrastructure of this kind.
## Rationale of the approach
To analyze potentially malicious Android apps at scale, security researchers have developed a variety of virtualized analysis environments, such as Andrubis and Google's Bouncer. Virtualized environments are the go-to choice because they are inherently scalable. Unfortunately, malware authors are aware of this trend.
Researchers have recently evaluated virtualized Android analysis environments [1] and found more than 10,000 heuristics that an app can use to detect that it is running in an emulated environment.
Despite the significant threat posed by emulator-aware Android malware (which can evade all current analysis approaches), no solution to this problem had been proposed... until now...
BareDroid enables bare-metal malware analysis on off-the-shelf Android devices and is designed to scale at a price point similar to the one offered by emulators.
[1] Jing, Yiming, et al. "Morpheus: automatically generating heuristics to detect Android emulators" Proceedings of the 30th Annual Computer Security Applications Conference. ACM, 2014.
## Publication
Simone Mutti, Yanick Fratantonio, Antonio Bianchi, Luca Invernizzi, Jacopo Corbetta, Christopher Kruegel, and Giovanni Vigna. "BareDroid: Large-Scale Analysis of Android Apps on Real Devices." Proceedings of the 31st Annual Computer Security Applications Conference. Los Angeles, CA, December 2015.
## Acknowledgement
We would like to thank the anonymous reviewers and our shepherd, William Enck, for their valuable feedback. This material is based on research sponsored by DARPA under agreements number FA8750-12-2-0101 and FA8750-15-2-0084. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon. The work was also supported by the Office of Naval Research (ONR) under grant N000140911042, the Army Research Office (ARO) under grant W911NF0910553, by the National Science Foundation under grant CNS-1408632, by Lastline, Inc., and Secure Business Austria. This work was also partially supported by a Google Research Award (winter 2014) and by the Italian Ministry of Research within the PRIN project “GenData2020.”