A Distributed Framework for Collaborative and Dynamic Analysis of Android Malware

Combination of dynamic and static analysis is very effective in detecting malicious Android apps. However, dynamic analysis is hardly practiced on large scale, due to the necessary active interaction with the malicious app, which is reliable only if performed by a user on a real device. In this paper we present a framework for distributed and collaborative analysis of Android suspicious apps, which leverages real users to test the functionality of apps and detect eventual malicious behaviors by exploiting an on-host app for intrusion detection. The paper introduces the architecture, workflow and protocols to handle the report received by participating users, detecting and filtering the malicious ones. Simulative results to assess the performance of the proposed framework are reported and discussed.