A University of Texas at Arlington computer scientist is using a three-year grant worth nearly $500,000 from the National Science Foundation to create virtual “sandbox” environments that allow computer security professionals to analyze Android malware without being detected by the code or its creators.
Jiang Ming, assistant professor of computer science and engineering, is creating a container-based virtualization architecture, which allows him to isolate potential malware on up to eight virtual phones in a secure environment for analysis. The goal is to thwart malware that’s capable of detecting sandboxes and shutting itself down to prevent analysis.
Ming will create an “out-of-the-box” design to ensure all virtualization activities run outside of the virtual phone.
Currently, Android emulators and bare-metal machines are the two major controlled environments for Android malware analysis. Android emulators enable fast and economical malware analysis, but their underlying virtualization techniques are fundamentally different from real devices, and malware will detect them. Bare-metal machines, or physical devices, do not have the flexibility to customize analysis environments and only produce limited malware analysis.
“Security professionals may know a piece of code is suspicious and want to collect its characteristics and signature, so they put it in a box where it will exhibit its actual behaviors,” Ming said. “This allows them to act upon the malware and prevent it from doing any damage. Container-based virtualization fools malware into thinking that it’s in a real environment so that it continues to run and show those characteristics.”
Ming’s extensive research is creating a safer, more secure online environment, said Hong Jiang, chair of UTA’s Computer Science and Engineering Department.
“Malware is a major problem for companies, and it is difficult for information security professionals to stay ahead of the people who create it,” Jiang said. “Dr. Ming’s previous work on malware detection has already made a difference, and this new grant will allow companies to create more robust defenses against future attacks.”