Countermeasure Against Anti-Sandbox Technology Based on Activity Recognition

Title: Countermeasure Against Anti-Sandbox Technology Based on Activity Recognition
Publication Type: Conference Paper
Year of Publication: 2022
Authors: Yang, Jin; Liu, Yunqing
Conference Name: 2022 3rd International Conference on Computer Vision, Image and Deep Learning & International Conference on Computer Engineering and Applications (CVIDL & ICCEA)
Date Published: May
Keywords: acceleration sensor, activity recognition, anti-sandbox, Behavioral sciences, Classification algorithms, CNN-LSTM, Collaboration, composability, Data models, hook, Malware, policy governance, privacy, pubcrawl, Sandboxing, virtualization
Abstract: In order to prevent malicious environment, more and more applications use anti-sandbox technology to detect the running environment. Malware often uses this technology against analysis, which brings great difficulties to the analysis of applications. Research on anti-sandbox countermeasure technology based on application virtualization can solve such problems, but there is no good solution for sensor simulation. In order to prevent detection, most detection systems can only use real device sensors, which brings great hidden dangers to users' privacy. Aiming at this problem, this paper proposes and implements a sensor anti-sandbox countermeasure technology for Android system. This technology uses the CNN-LSTM model to identify the activity of the real machine sensor data, and according to the recognition results, the real machine sensor data is classified and stored, and then an automatic data simulation algorithm is designed according to the stored data, and finally the simulation data is sent back by using the Hook technology for the application under test. The experimental results show that the method can effectively simulate the data characteristics of the acceleration sensor and prevent the triggering of anti-sandbox behaviors.
DOI: 10.1109/CVIDLICCEA56201.2022.9824025
Citation Key: yang_countermeasure_2022