ProMal4Android/README.md

ProMal

ProMal is a tool for analyzing malicious applications. It automatically extracts Malicious Behavior Trajectories (MBTs) from malware and describes them in a human-readable way, informing users of the malicious behaviors and alerting them to potential security threats in detail.

Our Advantages

ProMal not only performs well in MBT extraction but also has the ability to generate comprehensive descriptions. Most importantly, it can generate more precise and informative descriptions than XMal or family classification. In summary, ProMal has the following advantages:

  • Precise and Fine-grained. The approach should precisely identify MBTs from malware, which carry richer semantic information for understanding malware behaviors.
  • Scalable. The approach is designed to be scalable and capable of addressing various types of malware and variants, especially adapting to the rapid iteration of malware.
  • Human-readable. The malware description should be easily readable, facilitating user acceptance and understanding of how malicious behaviors are implemented.

Use Case

  • input: the malware you want to analyze, taking the malware AceCard0 as an example.
  • output: descriptions of which malware operations the malicious software performs and how the malicious behaviors are completed step by step, as shown in the following figure.

Tool Demo

Additionally, we have developed an online website, as shown below, to help security analysts or users analyze malware more easily (you can click here to get the web pages). After users upload their malware, in addition to the basic information, the website also provides users with three aspects of malware analysis:

  • Key Features. Key features related to the realization of malicious behavior, including sensitive APIs, API-related permissions, and some vital intents and string constants.
  • Malicious Behavior Trajectories. All MBTs used to implement malicious behaviors.
  • Malware Descriptions. Since the description is generated by the LLM, we simultaneously generate three paragraphs of description and design a user feedback mechanism to optimize the generated output.

We will always maintain and upgrade the website. Moreover, we have recorded a demo video to show the general flow of our tool. Note that we have hidden all identity-related information, and the data in the video does not represent the final implementation effect. Since the video size is limited to 10M, it is a pity that we cannot provide a more detailed and richer display.

Demo_video.mp4
