Abstract
Dynamic analysis is a prominent approach in analyzing the behavior of Android apps. To perform dynamic analysis, we need an event generator to execute the app. Monkey is the most popular event generator that is used in Android dynamic analysis. Monkey provides high code coverage, and yet high speed in generating events. However, in the case of malware analysis, Monkey suffers from several limitations. It only considers UI events but no system events. Moreover, it causes disconnecting the connectivity of the test environment during the analysis process. In this paper, we try to enhance Monkey to reduce its limitations while preserving its advantages. The proposed approach includes preparing Monkey with a facility for handling system events and keeping the connectivity of the test environment up during the analysis process. To evaluate the extended version of Monkey, we compare it with its original version regarding two important criteria in the case of malware analysis: the number of called sensitive APIs, and the code coverage. The evaluation process uses 100 randomly selected samples from AMD malware dataset. The results show that enhanced Monkey improves its ability to trigger sensitive APIs, and increases its code coverage.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
