DroidNative: Automating and optimizing detection of Android native code malware variants

Authors: Shahid Alam, Zhengyang Qu, Ryan Riley, Yan Chen, Vaibhav Rastogi

DOI: 10.1016/J.COSE.2016.11.011

Keywords:

Abstract: According to the Symantec and F-Secure threat reports, mobile malware development in 2013 and 2014 has continued to focus almost exclusively (~99%) on the Android platform. Malware writers are applying stealthy mutations (obfuscations) to create variants, thwarting detection by signature-based detectors. In addition, the plethora of more sophisticated detectors that make use of static analysis techniques to detect such variants operate only at the bytecode level, meaning that malware embedded in native code goes undetected. A recent study shows that 86% of the most popular applications contain native code, making it a plausible attack vector. This paper proposes DroidNative, an Android malware detector that uses specific control flow patterns to reduce the effect of obfuscations and provides automation. As far as we know, DroidNative is the first system that builds cross-platform (x86 and ARM) semantic-based signatures for Android native code, allowing it to detect malware embedded in either bytecode or native code. When tested with a dataset of 5490 samples, DroidNative achieves a detection rate (DR) of 93.57% with a false positive rate of 2.7%. When tested on traditional malware variants it achieves a DR of 99.48%, compared with the DRs of academic and commercial tools, which range from 8.33% to 93.22%.
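To make the abstract's two technical claims concrete (control-flow patterns blunt obfuscation, and one signature vocabulary can span x86 and ARM), here is a small Python illustration. It is an added example, not DroidNative's code or its published algorithm: the mnemonic-to-pattern maps, the token vocabulary and the four constructed assembly listings are assumptions made for this example. Each listing is split into basic blocks, unconditional jumps and fall-throughs are collapsed as pure layout, and a canonical walk over the remaining decision blocks yields a token string; a byte hash of the listing is computed alongside it as the kind of syntactic signature that obfuscation defeats.

```python
"""Control-flow-pattern signatures for x86 and ARM listings: an added illustration,
not DroidNative's code; the mnemonic maps, token vocabulary and listings are assumed."""
import hashlib
from difflib import SequenceMatcher

# Branch mnemonics mapped onto one shared vocabulary (assumed): J = unconditional jump,
# C = conditional branch, CALL, RET. Any other instruction is straight-line code.
X86_CF = {"jmp": "J", "je": "C", "jne": "C", "jz": "C", "jnz": "C", "jl": "C",
          "jg": "C", "call": "CALL", "ret": "RET"}
ARM_CF = {"b": "J", "beq": "C", "bne": "C", "blt": "C", "bgt": "C",
          "bl": "CALL", "bx": "RET"}  # 'bx lr' is treated as a return here

def parse_listing(text):
    """'label:' and 'mnemonic operands ; comment' lines -> (label, mnem, ops)."""
    insns, label = [], None
    for raw in text.splitlines():
        line = raw.split(";")[0].strip()
        if not line:
            continue
        if line.endswith(":"):  # a label attaches to the next instruction
            label = line[:-1]
            continue
        mnem, _, ops = line.partition(" ")
        insns.append((label, mnem.lower(), ops.strip()))
        label = None
    return insns

def build_cfg(insns, cf_map):
    """Basic blocks {start: (kind, call_count, successors)}; kind is J/C/RET or
    F (plain fall-through); successors list the taken edge first."""
    label_at = {lab: i for i, (lab, _, _) in enumerate(insns) if lab}
    leaders = {0}
    for i, (_, mnem, ops) in enumerate(insns):
        kind = cf_map.get(mnem)
        if kind in ("J", "C") and ops in label_at:
            leaders.add(label_at[ops])
        if kind in ("J", "C", "RET"):
            leaders.add(i + 1)
    leaders = sorted(i for i in leaders if i < len(insns))
    blocks = {}
    for n, start in enumerate(leaders):
        end = leaders[n + 1] if n + 1 < len(leaders) else len(insns)
        _, mnem, ops = insns[end - 1]
        kind = cf_map.get(mnem, "F")
        calls = sum(1 for _, m, _ in insns[start:end] if cf_map.get(m) == "CALL")
        target = [label_at[ops]] if ops in label_at else []  # unknown target: exit
        if kind in ("J", "C", "RET"):  # RET never has a label target, so it gets []
            succ = target + ([end] if kind == "C" else [])
        else:  # ends in straight-line code or a call: falls through
            kind, succ = "F", [end]
        blocks[start] = (kind, calls, [s for s in succ if s < len(insns)])
    return blocks

def signature(blocks, entry=0):
    """Canonical DFS (taken edge first), one token per decision block (conditional
    branch or return): its kind plus the calls reached on the way. Jumps and
    fall-throughs are layout and are followed silently; junk never reaches a token."""
    tokens, seen, stack = [], set(), [(entry, 0)]
    while stack:
        b, pending = stack.pop()
        hops = set()  # guards against a jump-only cycle
        while blocks[b][0] in ("F", "J") and blocks[b][2] and b not in hops:
            hops.add(b)
            pending += blocks[b][1]
            b = blocks[b][2][0]
        if b in seen:
            continue
        seen.add(b)
        kind, calls, succ = blocks[b]
        tokens.append(f"{kind}{pending + calls}")
        for s in reversed(succ):  # so the taken edge, succ[0], is popped first
            stack.append((s, 0))
    return " ".join(tokens)

def cf_signature(listing, cf_map):
    return signature(build_cfg(parse_listing(listing), cf_map))

def byte_hash(listing):  # what a purely syntactic signature sees
    return hashlib.sha256(listing.encode()).hexdigest()[:16]

def similarity(sig_a, sig_b):  # token-level similarity in [0, 1]
    return SequenceMatcher(None, sig_a.split(), sig_b.split()).ratio()

# Constructed listings: a routine, an obfuscated x86 variant, an ARM build, an unrelated one.
X86_ORIG = "\n".join(["mov eax, [ebp+8]", "test eax, eax", "jz done", "loop:",
                      "call send_data", "sub eax, 1", "jnz loop", "done:", "ret"])
X86_OBF = "\n".join(["jmp start", "loop:", "xor ebx, ebx ; junk", "call send_data",
                     "dec eax ; was sub eax, 1", "jnz loop", "jmp done", "start:",
                     "mov eax, [ebp+8]", "or eax, eax ; was test", "je done",
                     "jmp loop", "done:", "ret"])
ARM_SAME = "\n".join(["ldr r0, [fp, #8]", "cmp r0, #0", "beq done", "loop:",
                      "bl send_data", "sub r0, r0, #1", "cmp r0, #0", "bne loop",
                      "done:", "bx lr"])
X86_OTHER = "\n".join(["mov eax, [ebp+8]", "call send_data", "ret"])

if __name__ == "__main__":
    for name, text, cf in [("x86", X86_ORIG, X86_CF), ("x86-obf", X86_OBF, X86_CF),
                           ("arm", ARM_SAME, ARM_CF), ("other", X86_OTHER, X86_CF)]:
        print(f"{name:8} hash={byte_hash(text)} sig='{cf_signature(text, cf)}'")
```

Running the block prints, for each listing, the syntactic hash and the pattern signature: the original x86 routine, its obfuscated variant (code relocated behind jumps, a junk instruction, two substituted instructions) and the ARM build all reduce to the same token string while their hashes differ, and the unrelated routine gets a different string. Real native code needs a disassembler in front of parse_listing, handling of indirect and computed branches, and a tolerant matcher (the similarity function here is only a stand-in) rather than exact equality; DroidNative's reported detection rates come from its own patterns and matching, not from this toy.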
