TY - JOUR
T1 - SMS Observer
T2 - A dynamic mechanism to analyze the behavior of SMS-based malware
AU - Wang, Chun Yi
AU - You, Chi Yu
AU - Hsu, Fu Hau
AU - Lee, Chia Hao
AU - Liu, Che Hao
AU - Zhuang, Yung Yu
N1 - Publisher Copyright: © 2021 Elsevier Inc.
PY - 2021/10
Y1 - 2021/10
N2 - Nowadays smartphones have become an indispensable tool in many people's everyday lives, which makes them attractive targets for attackers. Among the various malware targeting smartphones, SMS-based malware is one of the most notorious. Though a number of Android dynamic analysis frameworks have been proposed to analyze SMS-based malware, most of these frameworks and some Android tools, such as Google Android Emulator, do not support an app or malware sending SMS messages to a real smartphone; hence, security researchers cannot use them directly to analyze the behavior of SMS-based malware. In our previous work, SMS Helper, we designed an application layer tool to allow an app or malware in an Android emulator to send and receive SMS messages to or from a real smartphone. Based on SMS Helper, this paper proposes an Android dynamic analysis framework, called SMS Observer, to assist security researchers in analyzing SMS-based malware. SMS Observer integrates SMS Helper as a client agent and, meanwhile, maintains the integrity of system logs. This paper also figures out a way to detect whether an app is executed in an emulator and describes how to use SMS Observer to prevent such evasion. Experimental results using real-world malware samples show that SMS Observer is much more effective in detecting SMS-related behavior of SMS-based malware than existing frameworks, such as Google Android Emulator, Andrubis, CopperDroid, and DroidBox. SMS Observer can analyze sophisticated SMS-based malware samples and provide a comprehensive view of malicious behavior.
KW - Emulation
KW - Information security
KW - Network security
KW - System analysis and design
KW - Unified messaging
UR - http://www.scopus.com/inward/record.url?scp=85108095705&partnerID=8YFLogxK
U2 - 10.1016/j.jpdc.2021.05.004
DO - 10.1016/j.jpdc.2021.05.004
M3 - Journal article
AN - SCOPUS:85108095705
SN - 0743-7315
VL - 156
SP - 25
EP - 37
JO - Journal of Parallel and Distributed Computing
JF - Journal of Parallel and Distributed Computing
ER -