DLCDroid an android apps analysis framework to analyse the dynamically loaded code

DLCDroid an android apps analysis framework to analyse the dynamically loaded code

Abstract To combat dynamically loaded code in anti-emulated environments, DLCDroid is an Android app analysis framework. DL-CDroid uses the reflection API to effectively identify information leaks due to dynamically loaded code within malicious apps, incorporating static and dynamic analysis techniq...

Full description

Saved in:
Bibliographic Details
Main Authors: Rati Bhan, Rajendra Pamula, K Susheel Kumar, Nand Kumar Jyotish, Prasun Chandra Tripathi, Parvez Faruki, Jyoti Gajrani
Format: Article
Language:English
Published: Nature Portfolio 2025-01-01
Series:Scientific Reports
Subjects:
Dynamic Code
Reflection API
Android Malware
Application Security
Online Access:https://doi.org/10.1038/s41598-025-88003-6
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Abstract To combat dynamically loaded code in anti-emulated environments, DLCDroid is an Android app analysis framework. DL-CDroid uses the reflection API to effectively identify information leaks due to dynamically loaded code within malicious apps, incorporating static and dynamic analysis techniques. The Dynamically Loaded Code (DLC) technique employs Java features to allow Android apps to dynamically expand their functionality at runtime. Unfortunately, malicious app developers often exploit DLC techniques to transform seemingly benign apps into malware once installed on real devices. Even the most sophisticated static analysis tools struggle to detect data breaches caused by DLC. Our analysis demonstrates that conventional tools areill-equipped to handle DLC. DLCDroid leverages dynamic code interposition techniques for API hooking to expose concealed malicious behavior without requiring modifications to the Android framework. DLCDroid can unveil suspicious behavior that remains hidden when relying solely on static analysis. We evaluate DLCDroid’s performance using a dataset comprising real-world benign and malware apps from reputed repositories like VirusShare and the Google Play Store. Compared to state-of-the-art approaches, the results indicate a significant improvement in detecting sensitive information leaks, more than 95.6% caused by reflection API. Furthermore, we enhance DLCDroid’s functionality by integrating it with an event-based trigger solution, making the framework more scalable and fully automated in its analysis process.
ISSN:2045-2322

Similar Items