rpt@altervista

where my creativity goes to die


FileScan

[29 November 2012]


FileScan is a Python script for static analysis of Android applications.
I developed it as part of the work for my Master's thesis (here you can read the summary), in collaboration with Telecom Italia researchers and with my colleague Tao Su, who worked on the dynamic analysis.
FileScan is able to check every file inside an apk, using magic number analysis to identify:

It is able to quickly identify potentially dangerous files, defeating trivial obfuscation techniques (e.g., using false extensions, hiding files in archives).
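The magic-number check described above, as an added example that is not FileScan's own code: it walks an APK as a zip archive, types each entry by its leading bytes, flags entries whose extension disagrees with the detected type, and recurses into nested archives. The signature table, the depth and size limits, and the sample APK are constructed assumptions.

```python
import io
import zipfile

# Assumed signature table: magic number -> (type, extensions consistent with it).
SIGNATURES = {
    b"\x7fELF": ("elf", {"so", ""}),
    b"dex\n": ("dex", {"dex"}),
    b"PK\x03\x04": ("zip", {"zip", "apk", "jar"}),
    b"\x89PNG\r\n\x1a\n": ("png", {"png"}),
}
MAX_DEPTH = 3              # do not recurse into archives nested deeper than this
MAX_ENTRY_SIZE = 50 << 20  # skip entries declaring more than 50 MiB uncompressed


def detect(head):
    """Return (type, allowed_extensions) for the matching magic, else (None, set())."""
    return next((e for m, e in SIGNATURES.items() if head.startswith(m)), (None, set()))


def scan_archive(data, prefix="", depth=0):
    """Yield (path, detected_type, extension_mismatch), recursing into nested zips."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_ENTRY_SIZE:
                continue
            content = zf.read(info)
            name = info.filename.rsplit("/", 1)[-1]
            ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
            kind, allowed = detect(content[:8])
            path = prefix + info.filename
            # A mismatch means the content type is known but the name claims otherwise.
            yield path, kind, kind is not None and ext not in allowed
            if kind == "zip" and depth < MAX_DEPTH:
                yield from scan_archive(content, path + "!/", depth + 1)


def build_sample_apk():
    """Constructed sample: an ELF named .png inside a zip named .jpg."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("payload.png", b"\x7fELF" + b"\x00" * 12)
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 8)
        z.writestr("assets/data.jpg", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for path, kind, mismatch in scan_archive(build_sample_apk()):
        print(path, kind, "MISMATCH" if mismatch else "ok")
```

On the constructed sample, both the disguised archive and the ELF nested inside it are reported as mismatches, while `classes.dex` passes.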

Finally, it can combine all the data collected, defining a final "risk score" through a fuzzy system.
During the tests, it achieved a detection rate of 57.1% on the Genome malware dataset (1361 apks), and classified as completely safe 99.1% of the applications in a goodware dataset (3558 apks, from both the market and unofficial repositories).

Visit the project page
