VizMal: A Visualization Tool for Analyzing the Behavior of Android Malware

posted Nov 22, 2017, 8:38 AM by Eric Medvet   [ updated Nov 22, 2017, 8:38 AM ]
  • International Workshop on FORmal methods for Security Engineering (ForSE), 2018, Madeira (Portugal), to appear
  • Alessandro Bacci, Fabio Martinelli, Eric Medvet, Francesco Mercaldo
Malware signature extraction is currently a manual and a time-consuming process. As a matter of fact, security analysts have to manually inspect samples under analysis in order to find the malicious behavior. From research side, current literature is lacking of methods focused on the malicious behavior localization: designed approaches basically mark an entire application as malware or non-malware (i.e., take a binary decision) without knowledge about the malicious behavior localization inside the analysed sample. In this paper, with the twofold aim of assisting the malware analyst in the inspection process and of pushing the research community in malicious behavior localization, we propose VizMal, a tool for visualizing the dynamic trace of an Android application which highlights the portions of the application which look potentially malicious. VizMal performs a detailed analysis of the application activities showing for each second of the execution whether the behavior exhibited is legitimate or malicious. The analyst may hence visualize at a glance when at to which degree an application execution looks malicious.