DroidChameleon: evaluating Android anti-malware against transformation attacks

@inproceedings{Rastogi2013DroidChameleonEA,
  title={DroidChameleon: evaluating Android anti-malware against transformation attacks},
  author={Vaibhav Rastogi and Yan Chen and Xuxian Jiang},
  booktitle={ASIA CCS '13},
  year={2013}
}
Mobile malware threats have recently become a real concern. In this paper, we evaluate the state-of-the-art commercial mobile antimalware products for Android and test how resistant they are against various common obfuscation techniques (even with known malware). Such an evaluation is important for not only measuring the available defense against mobile malware threats but also proposing effective, next-generation solutions. We developed DroidChameleon, a systematic framework with various…
Catch Me If You Can: Evaluating Android Anti-Malware Against Transformation Attacks
TLDR
This paper evaluates the state-of-the-art commercial mobile anti-malware products for Android, tests how resistant they are against various common obfuscation techniques (even with known malware), and proposes possible remedies for improving the current state of malware detection on mobile devices.
Effectiveness of Android Obfuscation on Evading Anti-malware
TLDR
This work verified the trend of transformed malware in evading detection, with a larger and more updated database of known malware, and proved that current mainstream AMTs do not build up resilience against obfuscation methods, but instead try to update the signature database on created variants.
Stealth attacks: An extended insight into the obfuscation effects on Android malware
TLDR
A deeper static (or dynamic) analysis of the application is needed to improve the robustness of anti-malware systems, and it is claimed that more complex changes to the application executable have proved to be still effective against detection.
Testing Android Anti-Malware against Malware Obfuscations
TLDR
Researchers have evaluated the strength of different commercial antimalware tools by passing the transformed malware samples to them and found that all the antimalware tools can be evaded by applying either a single transformation or a combination of transformations.
Mystique: Evolving Android Malware for Auditing Anti-Malware Tools
TLDR
This paper proposes a meta model for Android malware to capture the common attack features and evasion features in the malware, and develops a framework, MYSTIQUE, to automatically generate malware covering four attack features and two evasion features, by adopting the software product line engineering approach.
A Deep Camouflage: Evaluating Android’s Anti-malware Systems Robustness Against Hybridization of Obfuscation Techniques with Injection Attacks
TLDR
The obtained results showed that the detection accuracy of most tested anti-malware systems dropped to about 10% or less, and the average number of engines able to detect malware samples decreased from 45 when the original dataset was tested to about 12 when the camouflaged datasets were tested.
Rage against the virtual machine: hindering dynamic analysis of Android malware
TLDR
A broad range of anti-analysis techniques that malware can employ to evade dynamic analysis in emulated Android environments are presented and possible countermeasures are proposed to improve the resistance of current dynamic analysis tools against evasion attempts.
Testing android malware detectors against code obfuscation: a systematization of knowledge and unified methodology
TLDR
The unified workflow is intended to be used by anti-virus developers and vendors to test the resilience of their products against a large dataset of malware samples and obfuscations, and to obtain insights on how to improve their products with respect to particular classes of code-transformation attacks.
Uncovering the Dilemmas on Antivirus Software Design in Modern Mobile Platforms
TLDR
This work performed a comprehensive study on ten popular Android AVDs to evaluate the effectiveness of their scanning operations and identified the design dilemmas related to two types of malware scanning operations, namely local malware scan and cloud-based malware scan.
Android Anti-malware Against Transformation Attacks
popular and useful operating system for mobile. Attacks by malware threats have recently become a real problem in smartphones. In this paper, we have stated a simple and highly efficient technique for

References

SHOWING 1-10 OF 33 REFERENCES
ADAM: An Automatic and Extensible Platform to Stress Test Android Anti-virus Systems
TLDR
ADAM is an automated and extensible system that can evaluate, via large-scale stress tests, the effectiveness of anti-virus systems against a variety of malware samples for the Android platform and can automatically transform an original malware sample to different variants via repackaging and obfuscation techniques in order to evaluate the robustness of different anti-virus systems against malware mutation.
Dissecting Android Malware: Characterization and Evolution
TLDR
Systematizing or characterizing existing Android malware from various aspects, including their installation methods, activation mechanisms as well as the nature of carried malicious payloads, reveals that they are evolving rapidly to circumvent detection by existing mobile anti-virus software.
Testing malware detectors
TLDR
A technique based on program obfuscation is presented, geared towards evaluating the resilience of malware detectors to various obfuscation transformations commonly used by hackers to disguise malware, and it is discovered that these scanners are very poor.
Effective and Efficient Malware Detection at the End Host
TLDR
A novel malware detection approach is proposed that is both effective and efficient, and thus, can be used to replace or complement traditional antivirus software at the end host.
Semantics-aware malware detection
TLDR
Experimental evaluation demonstrates that the malware-detection algorithm can detect variants of malware with a relatively low run-time overhead and the semantics-aware malware detection algorithm is resilient to common obfuscations used by hackers.
Crowdroid: behavior-based malware detection system for Android
TLDR
The method is shown to be an effective means of isolating the malware and alerting the users of a downloaded malware, showing the potential for avoiding the spreading of a detected malware to a larger community.
Synthesizing Near-Optimal Malware Specifications from Suspicious Behaviors
TLDR
This paper presents an automatic technique for extracting optimally discriminative specifications, which uniquely identify a class of programs, which can be used by a behavior-based malware detector.
RiskRanker: scalable and accurate zero-day android malware detection
TLDR
An automated system called RiskRanker is developed to scalably analyze whether a particular app exhibits dangerous behavior and is used to produce a prioritized list of reduced apps that merit further investigation, demonstrating the efficacy and scalability of RiskRanker to police Android markets of all stripes.
Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets
TLDR
A permission-based behavioral footprinting scheme to detect new samples of known Android malware families and a heuristics-based filtering scheme to identify certain inherent behaviors of unknown malicious families are proposed.
Synthesizing near-optimal malware specifications from suspicious behaviors
TLDR
An automatic technique for extracting optimally discriminative specifications, which uniquely identify a class of programs, which can be used by a behavior-based malware detector and can be brought to bear on emerging malware-based threats for new platforms.