SMS Observer: A dynamic mechanism to analyze the behavior of SMS-based malware

Chun Yi Wang, Chi Yu You, Fu Hau Hsu, Chia Hao Lee, Che Hao Liu, Yung Yu Zhuang

研究成果: 雜誌貢獻期刊論文同行評審

5 引文 斯高帕斯(Scopus)


Nowadays smartphones become an indispensable tool in many people's everyday life that makes themselves attractive targets for attackers. Among various malware targeting at smartphones, SMS-based malware is one of the most notorious ones. Though a number of Android dynamic analysis frameworks have been proposed to analyze SMS-based malware, most of these frameworks or some Android tools, such as Google Android Emulator, do not support an app or malware to send SMS messages to a real smartphone; hence, security researchers cannot use them directly to analyze the behavior of SMS-based malware. In our previous work, SMS Helper, we designed an application layer tool to allow an app or malware in an Android emulator to send and receive SMS messages to or from a real smartphone. Based on SMS Helper, this paper proposes an Android dynamic analysis framework, called SMS Observer, to assist security researchers to analyze SMS-based malware. SMS Observer integrates SMS Helper into it as a client agent, meanwhile, and it maintains the integrity of system logs. This paper also figures out a way to detect whether an app is executed in an emulator and describes how to use SMS Observer to prevent such evasion. Experimental results using real-world malware samples show SMS Observer is much more effective in detecting SMS-related behavior of SMS-based malware than existing frameworks, such as Google Android Emulator, Andrubis, CopperDroid, and DroidBox. SMS Observer can analyze sophisticated SMS-based malware samples and provide a comprehensive view of malicious behavior.

頁(從 - 到)25-37
期刊Journal of Parallel and Distributed Computing
出版狀態已出版 - 10月 2021


深入研究「SMS Observer: A dynamic mechanism to analyze the behavior of SMS-based malware」主題。共同形成了獨特的指紋。