Earticle

초록

영어

Android malware analysis systems examine the runtime behavior of apps in emulators for dynamic analysis. However, evasive Android malware can stop executing malicious activities to avoid detection by malware analysis systems if it finds itself executing on an emulator. Thus, it is important to investigate existing and potential techniques for detecting emulated environments. In this paper, we propose an effective technique to detect the latest Android emulators, Android Virtual Device (AVD), NoxPlayer, and BlueStacks. The proposed technique utilizes the properties of the build.prop file as well as android.os.Build class to detect the latest emulators. Experimental results show that emulators were effectively detected by checking the string values corresponding some specific properties.

목차

Abstract
I. INTRODUCTION
II. RELATED WORK
III. EMULATOR DETECTION USING THE BUILD PROPERTIES
A. Emulators and Experimental Environments
B. Comparison of an AVD and NoxPlayer
C. Comparison of an AVD and BlueStacks 5
IV. CONCOLUSION AND FUTURE WORK
REFERENCES

키워드

저자

• Jae-do Lim [ Dept. of Software Science Dankook University Yongin, Republic of Korea ]
• Il-kyu Kim [ Dept. of Computer Engineering, Dankook University Yongin, Republic of Korea ]
• Namsu Kim [ Dept. of Computer Science and Engineering Dankook University Yongin, Republic of Korea ]
• BooJoong Kang [ Dept. of Electronics and Computer Science University of Southampton Southampton, United Kingdom ] Corresponding Author
• Seong-je Cho [ Dept. of Software Science Dankook University Yongin, Republic of Korea ] Corresponding Author

참고문헌

발행기관

간행물

표지보기 관심저널 등록

• 간행물명

  한국차세대컴퓨팅학회 학술대회

• 간기

  반년간

• 수록기간

  2021~2025

• 십진분류

  KDC 566 DDC 004