Catch Me If You Can: Evaluating Android Anti-Malware Against Transformation Attacks

@article{Rastogi2014CatchMI,
  title={Catch Me If You Can: Evaluating Android Anti-Malware Against Transformation Attacks},
  author={Vaibhav Rastogi and Yan Chen and Xuxian Jiang},
  journal={IEEE Transactions on Information Forensics and Security},
  year={2014},
  volume={9},
  pages={99-108}
}
Mobile malware threats (e.g., on Android) have recently become a real concern. In this paper, we evaluate the state-of-the-art commercial mobile anti-malware products for Android and test how resistant they are against various common obfuscation techniques (even with known malware). Such an evaluation is important for not only measuring the available defense against mobile malware threats, but also proposing effective, next-generation solutions. We developed DroidChameleon, a systematic…
Stealth attacks: An extended insight into the obfuscation effects on Android malware
TLDR: A deeper static (or dynamic) analysis of the application is needed to improve the robustness of anti-malware systems, and it is claimed that more complex changes to the application executable have proved to be still effective against detection.
Obfuscation Techniques against Signature-Based Detection: A Case Study
TLDR: Evaluating the robustness of Android anti-malware tools when various evasion techniques are used to obfuscate malicious payloads demonstrates that malware detection methods must be quickly redesigned to successfully protect smart devices.
Mystique: Evolving Android Malware for Auditing Anti-Malware Tools
TLDR: This paper proposes a meta model for Android malware to capture the common attack features and evasion features in the malware, and develops a framework, MYSTIQUE, to automatically generate malware covering four attack features and two evasion features, by adopting the software product line engineering approach.
Auditing Anti-Malware Tools by Evolving Android Malware and Dynamic Loading Technique
TLDR: Experimental results on real-world devices show that existing AMTs are incapable of detecting most of the generated malware, and the approach, named Mystique-S, is implemented as a service-oriented malware generation system.
Lightweight versus obfuscation-resilient malware detection in android applications
TLDR: Evaluation of ORDroid shows that, considering the overall accuracy on both test and transformed data, the model performs best compared to the most related methods, with an accuracy of 98.07% on the normal and 93.00% on the transformed data.
Design and implementation of robust systems for secure malware detection
TLDR: This work presents two main case studies, concerning the detection of PDF and Android malware, proposes a methodology to build a powerful mobile fingerprinting system, and examines possible attacks with which users might be able to evade it, thus preserving their privacy.
A Review on Android Malware: Attacks, Countermeasures and Challenges Ahead
TLDR: This survey converges on Android malware and covers a walkthrough of the various obfuscation attacks deployed during the malware analysis phase along with the myriad of adversarial attacks operated at the malware detection phase.
Evaluating Analysis Tools for Android Apps: Status Quo and Robustness Against Obfuscation
TLDR: This work briefly describes the assumptions analysis tools rely on to detect malicious content and behavior, and presents results of a new obfuscation framework that aims to break such assumptions, thus modifying Android apps to prevent them from being analyzed by the targeted systems.
DroidMorph: Are We Ready to Stop the Attack of Android Malware Clones?
TLDR: A new tool named DroidMorph is presented that provides morphing of Android applications (APKs) at different levels of abstraction and can be used to create Android application (malware/benign) clones; it is found that 8 out of 17 leading commercial anti-malware programs were not able to detect any of the morphed APKs.

References

Showing 1-10 of 71 references
DroidChameleon: evaluating Android anti-malware against transformation attacks
TLDR: This paper evaluates the state-of-the-art commercial mobile anti-malware products for Android, tests how resistant they are against various common obfuscation techniques, and proposes possible remedies for improving the current state of malware detection on mobile devices.
ADAM: An Automatic and Extensible Platform to Stress Test Android Anti-virus Systems
TLDR: ADAM is an automated and extensible system that can evaluate, via large-scale stress tests, the effectiveness of anti-virus systems against a variety of malware samples for the Android platform, and can automatically transform an original malware sample into different variants via repackaging and obfuscation techniques in order to evaluate the robustness of different anti-virus systems against malware mutation.
Testing malware detectors
TLDR: A technique based on program obfuscation is presented, geared towards evaluating the resilience of malware detectors to various obfuscation transformations commonly used by hackers to disguise malware, and it is discovered that these scanners are very poor.
Effective and Efficient Malware Detection at the End Host
TLDR: A novel malware detection approach is proposed that is both effective and efficient, and thus can be used to replace or complement traditional antivirus software at the end host.
Dissecting Android Malware: Characterization and Evolution
TLDR: Systematizing and characterizing existing Android malware from various aspects, including their installation methods, activation mechanisms, and the nature of the carried malicious payloads, reveals that they are evolving rapidly to circumvent detection by existing mobile anti-virus software.
Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets
TLDR: A permission-based behavioral footprinting scheme to detect new samples of known Android malware families and a heuristics-based filtering scheme to identify certain inherent behaviors of unknown malicious families are proposed.
Semantics-aware malware detection
TLDR: Experimental evaluation demonstrates that the malware-detection algorithm can detect variants of malware with a relatively low run-time overhead, and that the semantics-aware malware detection algorithm is resilient to common obfuscations used by hackers.
RiskRanker: scalable and accurate zero-day android malware detection
TLDR: An automated system called RiskRanker is developed to scalably analyze whether a particular app exhibits dangerous behavior, and is used to produce a prioritized list of reduced apps that merit further investigation, demonstrating the efficacy and scalability of RiskRanker to police Android markets of all stripes.
Synthesizing Near-Optimal Malware Specifications from Suspicious Behaviors
TLDR: This paper presents an automatic technique for extracting optimally discriminative specifications, which uniquely identify a class of programs and can be used by a behavior-based malware detector.
Crowdroid: behavior-based malware detection system for Android
TLDR: The method is shown to be an effective means of isolating the malware and alerting users to a downloaded malware, showing the potential for avoiding the spread of a detected malware to a larger community.