Mobile computing has experienced enormous growth in market share and computational power in recent years. As a result, mobile malware is becoming more sophisticated and more prevalent, leading to research into dynamic sandboxes as a widespread approach for detecting malicious applications. However, the event-driven nature of Android applications renders critical the capability to automatically generate deterministic and intelligent user interactions to drive analysis subjects and improve code coverage. In this paper, we present CuriousDroid, an automated system for exercising Android application user interfaces in an intelligent, user-like manner. CuriousDroid operates by decomposing application user interfaces on-the-fly and creating a context-based model for interactions that is tailored to the current user layout. We integrated CuriousDroid with Andrubis, a well-known Android sandbox, and conducted a large-scale evaluation of 38,872 applications taken from different data sets. Our evaluation demonstrates significant improvements in both end-to-end sample classification as well as increases in the raw number of elicited behaviors at runtime.
@inproceedings{Carter2016CuriousDroid_Automated,
title = {{CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes}},
author = {Carter, Patrick and Mulliner, Collin and Lindorfer, Martina and Robertson, William and Kirda, Engin},
booktitle = {Proceedings of the International Conference on Financial Cryptography and Data Security (FC)},
month = {February},
year = {2016},
address = {Christ Church, Barbados}
}