Overview
Explore the development of an Android malware analysis engine written in Python in this EuroPython conference talk. Learn how to build an anti-virus engine by borrowing principles from criminal law to design a malware scoring system, in which each malicious behaviour ("crime") is weighed as an independent event. Discover the five stages of malicious-activity detection, from the permissions an app requests up to the sequence of API calls it makes. Gain insight into the design of the Dalvik bytecode loader, which lets the engine work on the bytecode itself and so withstand common obfuscation techniques. Follow a case study of Android malware analysis (an SMS-sending sample, shown in both plain and obfuscated form) and understand why the engine is unaffected by certain obfuscation methods. Come away able to sharpen your malware analysis skills, extend the scoring system to other operating systems, and use the open-source tools presented during the talk.
Syllabus
Introduction
Outline
Malware Scoring System
Crimes are Independent Events
Design Logic
Stage 4 Calling Sequence
Observation Techniques
Implementation
Referencing
KunYu Chen
Detailed Report
Malware Example
Source Code
Send SMS
Obfuscated
Malware Analysis
Source Code Analysis
Mirror Analysis
Future Work
Thank You
Conclusion
Taught by
EuroPython Conference