Automated Hybrid Analysis of Android Malware through Augmenting Fuzzing with Forced Execution

Xiaolei Wang, Yuexiang Yang, Sencun Zhu

Research output: Contribution to journal › Article › peer-review

18 Scopus citations


Automatically triggering malicious behaviors is an essential step to understand malware for developing effective solutions. Existing automated dynamic analysis approaches usually try to trigger the malicious behaviors by relying on simple fuzzing or complex input generation techniques (e.g., concolic execution). However, advanced malware often adopts various evasion techniques to hide malicious behaviors, e.g., by introducing complex condition checks which are very hard to trigger. In this paper, we propose a new approach named DirectDroid, which bypasses related checks through on-demand forced execution while adopting fuzzing to feed the necessary program input. In this way, many hidden malicious behaviors can be successfully triggered. To ensure the normal execution towards the malicious behaviors, DirectDroid also largely handles potential program crashes caused by forced execution. Finally, we implement a prototype of DirectDroid and evaluate it against 951 recent malware samples. Our experimental results show that DirectDroid can trigger many more malicious behaviors than several previous works, even when crashes happened. Our further analysis shows that DirectDroid has a low false positive rate even though it adopts forced execution.

Original language: English (US)
Article number: 8576654
Pages (from-to): 2768-2782
Number of pages: 15
Journal: IEEE Transactions on Mobile Computing
Issue number: 12
State: Published - Dec 1 2019

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications
  • Electrical and Electronic Engineering

