Android Security Symposium 2015

ANANAS - ANalyzing ANdroid ApplicationS

About the speaker

Dieter Vymazal

University of Applied Sciences Upper Austria, Hagenberg, Austria
Dieter Vymazal is an Assistant Professor at the University of Applied Sciences Upper Austria. His main research interest is the analysis of malware, with a particular focus on malware for mobile devices. Dieter gives courses on operating systems, networks, malware analysis and reverse engineering, and supervises several bachelor's and master's theses on malware analysis. As part of the Department for Secure Information Systems at the University of Applied Sciences Upper Austria, he runs the Malware Lab Hagenberg, which develops and maintains ANANAS, a framework for analyzing Android applications.

Abstract

Android is an open software platform for mobile devices with a large market share in the smartphone sector. The openness of the system, together with its wide adoption, leads to an increasing amount of malware developed for this platform. ANANAS is an expandable and modular framework for analyzing Android applications that takes care of the common needs of dynamic malware analysis and provides a simple-to-use plugin interface. Six plugins representing well-known techniques for malware analysis have been developed for ANANAS. Five of the six plugins implement dynamic analysis methods, such as system call hooking and network traffic analysis.

ANANAS is integrated into a scalable analysis infrastructure that allows analysts to upload samples and receive, within a few minutes, a report containing filtered analysis results gathered by the analysis plugins used. The ANANAS analysis infrastructure is operated by the malware lab at the University of Applied Sciences in Hagenberg and is used by an Austrian antivirus vendor who gives feedback on the practical usefulness of the system.

Slides

Get the slides here.