Mobile Malware Analysis Subtaxonomy

Version 2.0, March 2016. Part of the Mobile Security Taxonomy.

Gürol Canbek, Seref Sagiroglu, and Nazife Baykal, 2016. New Comprehensive Taxonomies on Mobile Security and Malware Analysis.
Designed by Gürol Canbek, All Rights Reserved. Contact:

Text representation of the mind map nodes, in imagemap order (labels truncated with "..." in the source are left as they appear):

Mobile Malware Analysis
Dynamic Analysis a.k.a Behavioral-Based ...
Behavior Patterns
Network Signature
Code
Call Graph (Dynamic)
System Calls
Dependency Graph (Dynamic)
Anomaly Detection
Metrics
Network Activity a.k.a Internet Traffic
Battery Consumption
CPU Usage
Memory Usage
Running Processes
OS Operations
File Access
User Device Usage
GUI Interactions
Keyboard
Touchscreen
Communication Frequency
Calls
SMSs
E-mails
Sensor Usage
Scope
On device
Collaborative
Methods
Smoothing Function
Leaky Bucket
Moving Average
Noise Filtering
Data Compression
Time Series Analysis
Temporal Logic of Causal Knowledge (TLCK ...
Knowledge-Based Temporal Abstraction (KBT ...
Finite State Machine (FSM)
Pushdown Automata (PDA)
Dynamic Threshold Calculation (DTC)
Classification
Approaches
Expert System
Review Triaging
Methodologies
Whitelisting
Blacklisting
Signature-Based
Heuristic-Based
Rule-Based
Manual
Event Correlation
Statistical
Datasets
Android
Android Malware Genome Project
Contagio Mobile
The Drebin Dataset
AndroTracker
AndroMalShare
Malware.lu
Malwares.com
VirusShare
VirusTotal
Malware Author Tools
Anti-Debug
Anti-Decompile
Anti-Runtime Injection
Anti-Tamper
Encryptor
Obfuscator
Packer
Tamper Detection
Toolkits
Unpacker
VM Detection
Anti-Analysis (Counter Measures)
Obfuscation
Name (class, method, variable, etc)
Code Insertion/Deletion
Code Reordering
Equivalent Code Substitution
Method Inlining
Outline to Method
Method Cloning
Unrolling Loop
Branch Inversion/Flipping
Sensitive API hiding
Flow
Noise
Garbage (Redundant, Junk) instructions a ...
(Semantic) NOP/NOOP
Unused functions
against Dynamic Analysis
Emulator/Sandbox Detection
Fabricated content recognition
Laying Dormant
Antimalware Detection
Data Encryption in Communication
against Malware Analysis
Anti Reverse Engineering
Anti Decompile
Anti Debug
Packing (compression or encryption)
String
Binary (Dynamic/Runtime Packer)
Class
Asset
Code
Native library
Static Analysis
Binary
Byte N-gram
Code (+Bytecode)
Data Flow Analysis (DFA) a.k.a Taint Pro ...
Control Flow Analysis (CFA)
Type Analysis
Symbolic Execution
Points-To Analysis
Structural Analysis
API Calls
Call Graph (Static)
Semantic Analysis
Dependency Graph (Static)
Class Dependency Graph
Function call graph
Entry/Exit Point Analysis
Program Slicing
Analysis Operations
Tracking Malware Authors
Deobfuscating Strings
Self-decoding
Manual programming
Signatures a.k.a Fingerprinting
Hashing
Binary Pattern
Challenges
Common Code on Malicious and Benign Appl ...
Computation Cost (on Device or on Cloud)
See machine learning problems
Analysts Tools
(Analyse) Sandbox
Data Flow
App Pentest
Debugging
Assembler
Decompiler
Automated Runtime Analyzer
Device Emulator
Binary Analyzer
Disassembler
Binary Editor
Dynamic Analysis
Control Flow
Firmware Flasher
Call Graph
Forensics Analyzer
IDE
Malware Analysis
Malware Scanner
Malware Scanner Aggregators
Malware Scanner Visualizer
Monkey or Automation
Network packet analyzer
Parser
Virus Scanners (57)
Performance Analyzer
Tools (Android, Java, iOS, Windows) Tota ...
Reverse Engineering
Static Analysis
Static Code Analysis
Toolkits
System monitor
Unpacker
Vulnerability Analysis
Anti-Anti-Analysis (Counter Counter Meas ...
Anti Emulator Detection
Obfuscation Detection
Entropy Analysis
