A University of Texas at Arlington computer scientist is using a three-year grant worth nearly $500,000 from the National Science Foundation to create virtual “sandbox” environments that allow computer security professionals to analyze Android malware without being detected by the code or its creators.
Jiang Ming, assistant professor in computer science and engineering is developing container-based virtualization architecture. This allows Jiang Ming to isolate potential malware on up eight virtual phones in an environment that allows for analysis. The goal is to thwart malware that’s capable of detecting sandboxes and shutting itself down to prevent analysis.
Ming will create an “out-of-the-box” design to ensure all virtualization activities run outside of the virtual phone.
Android emulators and bare metal machines are currently the two main controlled environments for Android malware analysis. While Android emulators are fast and economically efficient for malware analysis, their virtualization techniques are fundamentally different than real devices. Malware can detect them. Bare-metal devices, also known as physical devices, are not able to create custom analysis environments and produce limited malware analysis.
“Security professionals may know a piece of code is suspicious and want to collect its characteristics and signature, so they put it in a box where it will exhibit its actual behaviors,” Ming said. “This allows them to act upon the malware and prevent it from doing any damage. Container-based virtualization fools malware into thinking that it’s in a real environment so that it continues to run and show those characteristics.”
Ming’s extensive research is creating a safer, more secure online environment, said Hong Jiang, chair of UTA’s Computer Science and Engineering Department.
“Malware is a major problem for companies, and it is difficult for information security professionals to stay ahead of the people who create it,” Jiang said. “Dr. Ming’s previous work on malware detection has already made a difference, and this new grant will allow companies to create more robust defenses against future attacks.”
– Written and edited by Jeremy Agor, College of Engineering