Artificial User Emulator to Detect Intelligent Malware on Android

Abstract

Given that most emulator based analysis environment have many static and dynamic differences from a real device used by a user, such environments can be easily tricked by an intelligent malware which may prey upon specific details like IMEI number, button press, accelerometer, GPS coordinates etc. to know whether it is in an emulator thereafter it can act benignly and pass the test undetected. This, and other vulnerabilities have been recognized by this paper and to enhance the detection capability of dynamic analysis environments, we present a framework with a twofold objective, to emulate artificial user behavior and, to help unravel malware's true behavior. Furthermore, our framework is divided into two major categories based on dynamic and static properties of a Smartphone. The framework is tested with an open-source sandbox environment and an existing emulator detection application.