HAL-Based Resource Manipulation Monitoring on AOSP

Nowadays, Android malware uses sensitive APIs to manipulate an Android device’s resources frequently. Conventional malware analysis uses hooking techniques to detect this harmful behavior. However, this approach is facing many problems, such as low coverage rate and computational overhead. To solve...

Full description

Bibliographic Details
Main Authors: Thien-Phuc Doan, Jungsoo Park, Souhwan Jung
Format: Article
Language:English
Published: Hindawi Limited 2020-01-01
Series:Mobile Information Systems
Online Access:http://dx.doi.org/10.1155/2020/8863385
Description
Summary:Nowadays, Android malware uses sensitive APIs to manipulate an Android device’s resources frequently. Conventional malware analysis uses hooking techniques to detect this harmful behavior. However, this approach is facing many problems, such as low coverage rate and computational overhead. To solve this problem, we proposed HALWatcher, an alternative technique to monitor resource manipulation on Android Open Source Project (AOSP). By modifying Hardware Abstract Layer (HAL) resource accessing interfaces and their implementation, we can embed more monitoring functions at critical methods that are in charge of transferring data between the Hardware Driver and the Framework Layer. Hence, HALWatcher provides a lightweight and high coverage rate system that can perform resource manipulation monitoring for Android OS. In this paper, we prove that the hooking technique is limited in detecting resource manipulation attacks. Besides that, HALWatcher shows an outperform detection rate with a low computational effort.
ISSN:1574-017X
1875-905X