
A distributed approach to malware analysis (BruCON 0x06 - Daan Raman)

by Daan Raman

Published September 25, 2014 in Technology

In this presentation, we will discuss the advantages of a distributed online mobile malware scanning service for Android. A range of distributed clients can contribute to the service and share malware scanning results through it.

In our proof-of-concept called "ApkScan", we’ve implemented several clients that analyze Android samples in a distributed manner. Each client combines static and dynamic analysis techniques to get an understanding of the potential maliciousness of an Android application. Each sample can be analyzed in parallel by a number of clients. Scan results generated by these clients can then be requested and further analyzed through an online API which we will introduce and make public during BruCON.

Finally, we will present statistics on modern Android malware that has been analyzed by ApkScan over the past year. In that time period, more than 25,000 unique user-submitted and app store samples were analyzed.