short-paper

DroidChameleon: evaluating Android anti-malware against transformation attacks

Authors:

Vaibhav Rastogi,

Xuxian JiangAuthors Info & Claims

ASIA CCS '13: Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security

Pages 329 - 334

https://doi.org/10.1145/2484313.2484355

Published: 08 May 2013 Publication History

Abstract

Mobile malware threats have recently become a real concern. In this paper, we evaluate the state-of-the-art commercial mobile antimalware products for Android and test how resistant they are against various common obfuscation techniques (even with known malware). Such an evaluation is important for not only measuring the available defense against mobile malware threats but also proposing effective, next-generation solutions. We developed DroidChameleon, a systematic framework with various transformation techniques, and used it for our study. Our results on ten popular commercial anti-malware applications for Android are worrisome: none of these tools is resistant against common malware transformation techniques. Moreover, the transformations are simple in most cases and anti-malware tools make little effort to provide transformation-resilient detection. Finally, in the light of our results, we propose possible remedies for improving the current state of malware detection on mobile devices.

References

[1]

Android-apktool: A tool for reengineering Android apk files. http://code.google.com/p/android-apktool/.

[2]

Test: Malware Protection for Android, March 2012. http://www.av-test.org/en/tests/android/.

[3]

DroidKungFu. http://www.csc.ncsu.edu/faculty/jiang/DroidKungFu.html.

[4]

Zelix Klassmaster. http://www.zelix.com/klassmaster/.

[5]

ProGuard. http://proguard.sourceforge.net/.

[6]

Smali: An assembler/disassembler for Android's dex format. http://code.google.com/p/smali/.

[7]

I. Burguera, U. Zurutuza, and S. Nadjm-Tehrani. Crowdroid: behavior-based malware detection system for android. In Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices, 2011.

Digital Library

[8]

M. Christodorescu and S. Jha. Testing malware detectors. In Proceedings of the ACM SIGSOFT international symposium on Software testing and analysis, 2004.

Digital Library

[9]

M. Christodorescu, S. Jha, S. Seshia, D. Song, and R. Bryant. Semantics-aware malware detection. In Security and Privacy, 2005 IEEE Symposium on, 2005.

Digital Library

[10]

M. Christodorescu, S. Jha, and C. Kruegel. Mining specifications of malicious behavior. In Proceedings of the the 6th ACM ESEC-FSE, 2007.

Digital Library

[11]

CNET, February 2013. http://news.cnet.com/8301-1035_3-57569402-94/android-ios-combine-for-91-percent-of-market/.

[12]

C. Collberg, C. Thomborson, and D. Low. A taxonomy of obfuscating transformations. Technical report, Department of Computer Science, The University of Auckland, New Zealand, 1997.

[13]

F-Secure. Mobile Threat Report Q3 2012. http://www.f-secure.com/static/doc/labs_global/Research/Mobile%20Threat%20Report%20Q3%202012.pdf.

[14]

M. Fredrikson, S. Jha, M. Christodorescu, R. Sailer, and X. Yan. Synthesizing near-optimal malware specifications from suspicious behaviors. In Security and Privacy (SP), 2010 IEEE Symposium on, 2010.

Digital Library

[15]

M. Grace, Y. Zhou, Q. Zhang, S. Zou, and X. Jiang. Riskranker: scalable and accurate zero-day android malware detection. In Proceedings of the 10th international conference on Mobile systems, applications, and services, MobiSys '12, 2012.

Digital Library

[16]

L. Harris and B. Miller. Practical analysis of stripped binary code. ACM SIGARCH Computer Architecture News, 33(5): 63--68, 2005.

Digital Library

[17]

C. Kolbitsch, P. Comparetti, C. Kruegel, E. Kirda, X. Zhou, and X. Wang. Effective and efficient malware detection at the end host. In Proceedings of the 18th conference on USENIX security symposium, 2009.

Digital Library

[18]

H. Lockheimer. Android and security, February 2012. http://googlemobile.blogspot.com/2012/02/android-and-security.html.

[19]

Lookout. Geinimi Trojan Technical Analysis. http://blog.mylookout.com/blog/2011/01/07/geinimi-trojan-technical-analysis/.

[20]

Y. Nadji, J. Giffin, and P. Traynor. Automated remote repair for mobile malware. In Proceedings of the 27th Annual Computer Security Applications Conference, 2011.

Digital Library

[21]

J. Oberheide. Dissecting android's bouncer, June 2012. https://blog.duosecurity.com/2012/06/dissecting-androids-bouncer/.

[22]

M. Parkour. Contagio Mobile. Mobile Malware Mini Dump. http://contagiominidump.blogspot.com/.

[23]

H. Peng, C. Gates, B. Sarma, N. Li, Y. Qi, R. Potharaju, C. Nita-Rotaru, and I. Molloy. Using probabilistic generative models for ranking risks of android apps. In Proceedings of the 2012 ACM conference on Computer and communications security, 2012.

Digital Library

[24]

V. Rastogi, Y. Chen, and W. Enck. AppsPlayground: Automatic Security Analysis of Smartphone Applications. In Proceedings of ACM CODASPY 2013, February 2013.

Digital Library

[25]

P. Saxena, R. Sekar, and V. Puranik. Efficient fine-grained binary instrumentationwith applications to taint-tracking. In Proceedings of the 6th annual IEEE/ACM international symposium on Code generation and optimization, 2008.

Digital Library

[26]

Symantec. Server-side Polymorphic Android Applications. http://www.symantec.com/connect/blogs/server-side-polymorphic-androidapplications.

[27]

R. Whitwam. Circumventing Google's Bouncer, Android's anti-malware system, June 2012. http://www.extremetech.com/computing/130424-circumventing-googlesbouncer-androids-anti-malware-system.

[28]

M. Zheng, P. Lee, and J. Lui. Adam: An automatic and extensible platform to stress test android anti-virus systems. DIMVA, July 2012.

Digital Library

[29]

Y. Zhou and X. Jiang. Dissecting android malware: Characterization and evolution. Security and Privacy, IEEE Symposium on, 2012.

Digital Library

[30]

Y. Zhou, Z. Wang, W. Zhou, and X. Jiang. Hey, you, get off of my market: Detecting malicious apps in official and alternative android markets. In Proceedings of the 19th Network and Distributed System Security Symposium, 2012.

Cited By

Gencer KBasciftci F(2024)Android Ransomware Detection System using Feature Selection with Bootstrap Aggregating MARSJournal of Emerging Computer Technologies10.57020/ject.15289654:1(38-45)Online publication date: 18-Sep-2024
https://doi.org/10.57020/ject.1528965
Xu YLi DLi QXu S(2024)Malware Evasion Attacks Against IoT and Other Devices: An Empirical StudyTsinghua Science and Technology10.26599/TST.2023.901000529:1(127-142)Online publication date: Feb-2024
https://doi.org/10.26599/TST.2023.9010005
Galloway TKarakolios KMa ZPerdisci RKeromytis AAntonakakis M(2024)Practical Attacks Against DNS Reputation Systems2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00266(4516-4534)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00266
Show More Cited By

Index Terms

DroidChameleon: evaluating Android anti-malware against transformation attacks
1. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation
  2. Systems security
    1. Operating systems security

Recommendations

Smart malware detection on Android

Nowadays, because of its increased popularity, Android is target to a growing number of attacks and malicious applications, with the purpose of stealing private information and consuming credit by subscribing to premium services. Most of the current ...
An HMM and structural entropy based detector for Android malware

Smartphones are becoming more and more popular and, as a consequence, malware writers are increasingly engaged to develop new threats and propagate them through official and third-party markets. In addition to the propagation vectors, malware is also ...
Talos: no more ransomware victims with formal methods

Ransomware is a very effective form of malware that is recently spreading out on an impressive number of workstations and smartphones. This malware blocks the access to the infected machine or to the files located in the infected machine. The attackers ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ASIA CCS '13: Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security

May 2013

574 pages

ISBN:9781450317672

DOI:10.1145/2484313

General Chairs:
Kefei Chen
Shanghai Jiao Tong University, China
,
Qi Xie
Hangzhou Normal University, China
,
Weidong Qiu
Shanghai Jiao Tong University, China
,
Program Chairs:
Ninghui Li
Purdue University, USA
,
Wen-Guey Tzeng
National Chiao Tung University, Taiwan

Copyright � 2013 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 08 May 2013

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Short-paper

Conference

ASIA CCS '13

Sponsor:

SIGSAC

ASIA CCS '13: 8th ACM Symposium on Information, Computer and Communications Security

May 8 - 10, 2013

Hangzhou, China

Acceptance Rates

ASIA CCS '13 Paper Acceptance Rate 35 of 216 submissions, 16%;

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

246
Total Citations
View Citations
1,705
Total Downloads

Downloads (Last 12 months)40
Downloads (Last 6 weeks)2

Reflects downloads up to 17 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Gencer KBasciftci F(2024)Android Ransomware Detection System using Feature Selection with Bootstrap Aggregating MARSJournal of Emerging Computer Technologies10.57020/ject.15289654:1(38-45)Online publication date: 18-Sep-2024
https://doi.org/10.57020/ject.1528965
Xu YLi DLi QXu S(2024)Malware Evasion Attacks Against IoT and Other Devices: An Empirical StudyTsinghua Science and Technology10.26599/TST.2023.901000529:1(127-142)Online publication date: Feb-2024
https://doi.org/10.26599/TST.2023.9010005
Galloway TKarakolios KMa ZPerdisci RKeromytis AAntonakakis M(2024)Practical Attacks Against DNS Reputation Systems2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00266(4516-4534)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00266
Gu JZhu HHan ZLi XZhao J(2024)GSEDroidComputers and Security10.1016/j.cose.2024.103807140:COnline publication date: 1-May-2024
https://dl.acm.org/doi/10.1016/j.cose.2024.103807
Niu WZhang XYan RGong JNiu WZhang XYan RGong J(2024)Feature Code Based Android Malware Detection MethodAndroid Malware Detection and Adversarial Methods10.1007/978-981-97-1459-9_2(23-42)Online publication date: 4-Mar-2024
https://doi.org/10.1007/978-981-97-1459-9_2
Mogiligidda SMedishetty SThuvva ADhone M(2024)Identifying Malicious Software on Android Devices Through Genetic Algorithm-Driven Feature Selection and Machine LearningAdvances in Computational Intelligence10.1007/978-3-031-70001-9_6(69-83)Online publication date: 25-Aug-2024
https://doi.org/10.1007/978-3-031-70001-9_6
Javeed DGao TJamil Z(2023)Artificial Intelligence (AI)-based Intrusion Detection System for IoT-enabled NetworksProtecting User Privacy in Web Search Utilization10.4018/978-1-6684-6914-9.ch014(269-289)Online publication date: 3-Mar-2023
https://doi.org/10.4018/978-1-6684-6914-9.ch014
Faruki PBhan RJain VBhatia SEl Madhoun NPamula R(2023)A Survey and Evaluation of Android-Based Malware Evasion Techniques and Detection FrameworksInformation10.3390/info1407037414:7(374)Online publication date: 30-Jun-2023
https://doi.org/10.3390/info14070374
Babaagba KWylie JSilva SPaquete L(2023)An Evolutionary based Generative Adversarial Network Inspired Approach to Defeating Metamorphic MalwareProceedings of the Companion Conference on Genetic and Evolutionary Computation10.1145/3583133.3596362(1753-1759)Online publication date: 15-Jul-2023
https://dl.acm.org/doi/10.1145/3583133.3596362
Chen LZhang TMa YChen M(2023)Monitoring method of API encryption parameter tamper attack based on deep learningSixth International Conference on Intelligent Computing, Communication, and Devices (ICCD 2023)10.1117/12.2682859(28)Online publication date: 16-Jun-2023
https://doi.org/10.1117/12.2682859
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents