IEEE Access (Jan 2020)
A-Pot: A Comprehensive Android Analysis Platform Based on Container Technology
Abstract
Intelligent Android malware now avoids analysis by using anti-emulator, anti-debugging, and rooting-detection techniques. Existing emulators are easily detected by malware that checks hardware or sensor information. This paper proposes A-Pot, an efficient analysis system for dealing with intelligent Android malware. A-Pot applies Android container technology and runs on ARM-based hardware so that it resembles a real phone. It is equipped with sensor modules such as USIM, Bluetooth, and Wi-Fi modules. To withstand environment analysis, the properties of the Android OS are made the same as those of a real mobile phone. In addition, A-Pot is designed to connect to a mini base station to support SMS and phone calls over the 3G network. Moreover, with the advantages provided by container technology, A-Pot is able to support non-ADB, non-debugger, and non-root environments. To demonstrate the efficiency of our platform, we evaluated it using intelligent Android malware, antivirus, Google Play apps, and general malware. This model had an operating rate of about 97.36% for 5000 malware samples. The proposed A-Pot can be efficiently applied to analyzing and defending against intelligent Android malware.
Keywords