T2Droid: A TrustZone-based Dynamic Analyser for Android Applications

Title: T2Droid: A TrustZone-based Dynamic Analyser for Android Applications
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Yalew SDemesie, Maguire, Jr. GQ, Haridi S, Correia M
Conference Name: Proceedings of the 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)
Date Published: August
Conference Location: Sydney, Australia

Android has become the most widely used mobile operating system (OS) in recent years. There is much research on methods for detecting malicious Android applications. Dynamic analysis methods detect such applications by evaluating their behaviour during execution. However, such mechanisms may be ineffective as malware is often able to disable anti-malware software. This paper presents the design of T2DROID, a dynamic analyser for Android that uses traces of Android API function calls and kernel syscalls, and that is protected from malware by leveraging the ARM TrustZone security extension. In our experimental evaluation T2DROID achieved accuracy and precision of 0.98 and 0.99, respectively, with a kNN classifier.