Dare 'DEVIL': beyond your senses with Dex Visualizer

Presented at VB2015, Oct. 1, 2015, 3 p.m. (30 minutes).

Behaviour-based detection is one of the most promising approaches to the rapid growth of *Android* applications and malware. Many security researchers struggle with how to determine malicious behaviours and identify malware. Visualization of executables is one of the most effective ways to identify malware. However, there is no well-known or generic way for day-to-day security researchers to visualize the behaviours of *Android* applications and malware. In this paper, we will address how the behaviours of Dalvik executables can be visualized effectively by DEVIL. DEVIL, also known as Dex Visualizer, is a graph-based approach for visualizing the flow of various Dalvik objects, typically classes. Currently, DEVIL uses only static analysis information, but by design it can easily be integrated with dynamic analysis information. This paper, however, will focus on how to generate inter-object relations and visualize a graph of those relations. For example, inter-object relations can be generated by tracing so-called Android Application Lifecycle triggers, which may be *Android* APIs, permissions, intents and so on. The graph is visualized from the inter-object relations by the force-directed layout algorithm of the d3.js framework. Finally, we will demonstrate some results of force-directed graph visualization of *Android* malware and will round off with some examples of how DEVIL could be applied in detecting *Android* malware.
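As an added illustration of the approach described above (example code, not code from the paper or from DEVIL itself), the Python below collapses constructed Dalvik invoke records into a class-level inter-object relation graph, labels the edges that hit Android lifecycle triggers, emits the graph in the nodes/links shape that d3.js's force layout consumes, and walks it from an entry-point class to list the triggers it can reach. The trigger table is an illustrative subset and the `Lcom/example/app/` classes are constructed.

```python
from collections import defaultdict, deque

# Lifecycle/behaviour trigger APIs and the permission or intent each implies (illustrative subset, not DEVIL's table).
TRIGGER_APIS = {
    "Landroid/content/Context;->startService": "INTENT:startService",
    "Landroid/telephony/TelephonyManager;->getDeviceId": "READ_PHONE_STATE",
    "Ljava/net/HttpURLConnection;->connect": "INTERNET",
    "Landroid/telephony/SmsManager;->sendTextMessage": "SEND_SMS",
}

# Constructed (caller class, callee class, method) records standing in for what a Dex disassembler extracts from invoke-* instructions.
INVOKES = [
    ("Lcom/example/app/MainActivity;", "Lcom/example/app/Worker;", "run"),
    ("Lcom/example/app/BootReceiver;", "Landroid/content/Context;", "startService"),
    ("Lcom/example/app/BootReceiver;", "Lcom/example/app/Worker;", "run"),
    ("Lcom/example/app/Worker;", "Landroid/telephony/TelephonyManager;", "getDeviceId"),
    ("Lcom/example/app/Worker;", "Lcom/example/app/Uploader;", "send"),
    ("Lcom/example/app/Uploader;", "Ljava/net/HttpURLConnection;", "connect"),
    ("Lcom/example/app/Uploader;", "Landroid/telephony/SmsManager;", "sendTextMessage"),
    ("Lcom/example/app/Uploader;", "Landroid/telephony/SmsManager;", "sendTextMessage"),  # repeated on purpose
]

def build_graph(invokes, triggers=TRIGGER_APIS):
    """Class-level inter-object relations in the {"nodes", "links"} shape d3's force layout consumes."""
    defined = {caller for caller, _, _ in invokes}  # classes the Dex itself defines
    groups, edges = {}, defaultdict(lambda: {"weight": 0, "labels": set()})
    for caller, callee, method in invokes:
        label = triggers.get(f"{callee}->{method}")  # None for plain app-internal calls
        groups[caller] = "app"
        if callee not in defined and groups.get(callee) != "trigger":
            groups[callee] = "trigger" if label else "framework"
        edges[(caller, callee)]["weight"] += 1  # repeated calls thicken the link
        if label:
            edges[(caller, callee)]["labels"].add(label)
    return {"nodes": [{"id": c, "group": g} for c, g in sorted(groups.items())],
            "links": [{"source": s, "target": t, "weight": e["weight"], "labels": sorted(e["labels"])}
                      for (s, t), e in sorted(edges.items())]}

def reachable_triggers(graph, start):
    """Every permission or intent trigger reachable from one class: the check a behaviour rule runs on an entry point."""
    out = defaultdict(list)
    for link in graph["links"]:
        out[link["source"]].append(link)
    seen, queue, found = {start}, deque([start]), set()
    while queue:
        for link in out[queue.popleft()]:
            found.update(link["labels"])
            if link["target"] not in seen:
                seen.add(link["target"]); queue.append(link["target"])
    return sorted(found)
```

`json.dumps(build_graph(INVOKES))` is the document a d3.forceSimulation page would load; the `group` field drives node colouring and `weight` the link distance.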

Presenters:

  • Jun Yong Park - AhnLab
    Jun Yong Park is a senior principal researcher and architect at AhnLab, Inc., where he has made a variety of contributions to anti-virus engines, endpoint products and security research since 2004. He is not only a professional programmer but also an expert in malware analysis, and he sincerely hopes to eliminate the long-established chasm between programming engineers and malware researchers. In recent years his research interests have included, but are not limited to, Android and visualization.
  • Seolwoo Joo - AhnLab
