Abstract:

This paper focuses on dynamic analysis for malware detection on Android. Initially, a literature review was conducted to understand both static and dynamic analysis approaches and their limitations, particularly highlighting the shortcomings of static analysis. The study demonstrates techniques for extracting various traces, such as system calls and network traffic, using dynamic analysis. The core of the study is the design of an automated system for the dynamic analysis of Android malware. This system automates the capture and analysis of APK traces using modules that monitor system calls, debug logs, and network traffic. It was found that relying on a single dynamic analysis module is insufficient, leading to false negatives, whereas combining data from all three modules enhances detection accuracy. Future directions include developing an intermediary using MQTT to reduce database load and improving the learning process for the three modules.