DLCDroid an android apps analysis framework to analyse the dynamically loaded code

Authors: Bhan, Rati; Pamula, Rajendra; Kumar, K. Susheel; Jyotish, Nand Kumar; Tripathi, Prasun Chandra; Faruki, Parvez; Gajrani, Jyoti

Author affiliations: Galgotias Univ Sch Comp Sci & Engn Greater Noida 203201 India; Indian Inst Technol ISM Dept Comp Sci & Engn Dhanbad 826004 India; Manipal Acad Higher Educ Manipal Inst Technol Bengaluru Dept Informat Technol Manipal 560054 India; Birla Inst Technol Dept Comp Sci & Engn Mesra Jharkhand India; Inst Infrastruct Technol Res & Management Dept Elect & Comp Sci Engn Ahmadabad 380026 Gujarat India; Univ Sheffield Dept Comp Sci Sheffield England; Govt Gujarat Dept Tech Educ Gandhinagar India; Engn Coll Ajmer Dept Comp Sci & Engn Ajmer Rajasthan India

Publication: SCIENTIFIC REPORTS (Sci. Rep.)

Year, volume, issue: 2025, Vol. 15, No. 1

Pages: 1-16

Funding: Manipal Academy of Higher Education, Manipal

Subjects: Dynamic Code; Reflection API; Android Malware; Application Security

Abstract: To combat dynamically loaded code in anti-emulated environments, DLCDroid is an Android app analysis framework. DLCDroid uses the reflection API to effectively identify information leaks due to dynamically loaded code within malicious apps, incorporating static and dynamic analysis techniques. The Dynamically Loaded Code (DLC) technique employs Java features to allow Android apps to dynamically expand their functionality at runtime. Unfortunately, malicious app developers often exploit DLC techniques to transform seemingly benign apps into malware once installed on real devices. Even the most sophisticated static analysis tools struggle to detect data breaches caused by DLC. Our analysis demonstrates that conventional tools are ill-equipped to handle DLC. DLCDroid leverages dynamic code interposition techniques for API hooking to expose concealed malicious behavior without requiring modifications to the Android framework. DLCDroid can unveil suspicious behavior that remains hidden when relying solely on static analysis. We evaluate DLCDroid's performance using a dataset comprising real-world benign and malware apps from reputed repositories like VirusShare and the Google Play Store. Compared to state-of-the-art approaches, the results indicate a significant improvement in detecting sensitive information leaks, more than 95.6% caused by reflection API. Furthermore, we enhance DLCDroid's functionality by integrating it with an event-based trigger solution, making the framework more scalable and fully automated in its analysis process.
