An Anti-Fuzzing Approach for Android Apps
Date
2023-10-19
Authors
Cheng, Chris Chao-Chun
Lin, Li
Shi, Chen
Guan, Yong
Publisher
Springer Nature Switzerland AG 2023
Abstract
One of the significant problems in mobile app forensic analysis is extracting app evidence from the device. Given that mobile apps can generate more than 19K files on a device [6], manually inspecting every file is time-consuming and may miss critical pieces of evidence. A recent forensic analysis study [38] shows that fuzzing tools (a.k.a. fuzzers), which programmatically produce interactions with mobile apps, can be helpful when they are paired with sandbox environments for studying an app's runtime forensic behaviors, from which forensic practitioners summarize the patterns of evidential data (such as GPS coordinates) that could greatly help with future forensic investigations. However, we found no study of how reliably fuzzing tools help improve the efficiency of mobile app forensic analysis.
We therefore propose AFuzzShield, which aims at verifying mobile app program coverage in the scenario where the app has anti-fuzzing technologies applied. By analyzing the runtime information of mobile app interaction traces, it can prevent real-world apps from being exercised by fuzzers while minimizing the overhead for human usage. Our proposed approach exploits a statistical model to distinguish between fuzzer and human patterns; it therefore does not require graphical user interface (GUI) injections and is compatible with any real-world app with touchable/clickable GUIs. We evaluate AFuzzShield on apps from AndroTest, a popular benchmark app dataset for testing various fuzzers, and the results demonstrate that mobile app program coverage can be significantly affected when the anti-fuzzing technique, AFuzzShield, is deployed, which results in missing mobile app evidential data patterns in the analysis (e.g., 70% of apps show promising results when having AFuzzShield applied under Monkey).
Type
Presentation
Comments
This is a manuscript of a proceeding published as Cheng, C.CC., Lin, L., Shi, C., Guan, Y. (2023). An Anti-Fuzzing Approach for Android Apps. In: Peterson, G., Shenoi, S. (eds) Advances in Digital Forensics XIX. DigitalForensics 2023. IFIP Advances in Information and Communication Technology, vol 687. Springer, Cham. https://doi.org/10.1007/978-3-031-42991-0_3. © 2023 IFIP International Federation for Information Processing. Posted with permission of CSAFE.