Enhancing Accuracy of Android Malware Detection using Intent Instrumentation

Event-driven actions in Android malwares and complexity of extracted profiles of applications’ behaviors are two challenges in dynamic malware analysis tools to find malicious behaviors. Thanks to ability of eventdriven actions in Android applications, malwares can trigger their malicious behaviors at specific conditions and evade from detection. In this paper, we propose a framework for instrumenting Intents in Android applications’ source code in a way that different parts of the application be triggered automatically at runtime. Our instrumented codes force the application to exhibit its behaviors and so we can have a more complete profile of the application’s behaviors. Our framework, which is implemented as a tool, first uses static analysis to extract an application’s structure and components and then, instruments Intents inside the application’s Smali codes. Experimental results show that applying our code instrumentation framework on applications help exhibiting more data leakage behaviors such as disclosing Android ID in 79 more applications in a data set containing 6,187 malwares in comparison to using traditional malware analysis tools.