Andlantis: Large-scale Android Dynamic Analysis
This addresses the problem of limited scalability in dynamic analysis for malware researchers and reverse-engineers, though it is incremental as it builds on existing dynamic analysis techniques.
The paper tackles the challenge of scaling dynamic analysis for Android applications by presenting Andlantis, a system that processes over 3000 apps per hour and collects forensic data, as demonstrated with 1261 malware samples.
Analyzing Android applications for malicious behavior is an important area of research, and is made difficult, in part, by the increasingly large number of applications available for the platform. While techniques exist to perform static analysis on a large number of applications, dynamic analysis techniques are relatively limited in scale due to the computational resources required to emulate the full Android system to achieve accurate execution. We present Andlantis, a scalable dynamic analysis system capable of processing over 3000 Android applications per hour. During this processing, the system is able to collect valuable forensic data, which helps reverse-engineers and malware researchers identify and understand anomalous application behavior. We discuss the results of running 1261 malware samples through the system, and provide examples of malware analysis performed with the resulting data.