Emulation vs Instrumentation for Android Malware Detection

Author

Anukriti Sinha, San Jose State University

Publication Date

Spring 2019

Degree Type

Master's Project

Degree Name

Master of Science (MS)

Department

Computer Science

First Advisor

Mark Stamp

Second Advisor

Fabio Di Troia

Third Advisor

Philip Heller

Keywords

Android Malware Detection, Machine Learning

Abstract

In resource constrained devices, malware detection is typically based on offline analysis using emulation. In previous work it has been claimed that such emulation fails for a significant percentage of Android malware because well-designed malware detects that the code is being emulated. An alternative to emulation is malware analysis based on code that is executing on an actual Android device. In this research, we collect features from a corpus of Android malware using both emulation and on-phone instrumentation. We train machine learning models based on emulated features and also train models based on features collected via instrumentation, and we compare the results obtained in these two cases.

Recommended Citation

Sinha, Anukriti, "Emulation vs Instrumentation for Android Malware Detection" (2019). Master's Projects. 700.
DOI: https://doi.org/10.31979/etd.5y5x-fm5n
https://scholarworks.sjsu.edu/etd_projects/700