114 research outputs found
Detecting Repackaged Android Applications Using Perceptual Hashing
The last decade has shown a steady rate of Android device dominance in market share and the emergence of hundreds of thousands of apps available to the public. Because of the ease of reverse engineering Android applications, repackaged malicious apps that clone existing code have become a severe problem in the marketplace. This research proposes a novel repackaged detection system based on perceptual hashes of vetted Android apps and their associated dynamic user interface (UI) behavior. Results show that an average hash approach produces 88% accuracy (indicating low false negative and false positive rates) in a sample set of 4878 Android apps, including 2151 repackaged apps. The approach is the first dynamic method proposed in the research community using image-based hashing techniques with reasonable performance to other known dynamic approaches and the possibility for practical implementation at scale for new applications entering the Android market
Enter Sandbox: Android Sandbox Comparison
Expecting the shipment of 1 billion Android devices in 2017, cyber criminals
have naturally extended their vicious activities towards Google's mobile
operating system. With an estimated number of 700 new Android applications
released every day, keeping control over malware is an increasingly challenging
task. In recent years, a vast number of static and dynamic code analysis
platforms for analyzing Android applications and making decision regarding
their maliciousness have been introduced in academia and in the commercial
world. These platforms differ heavily in terms of feature support and
application properties being analyzed. In this paper, we give an overview of
the state-of-the-art dynamic code analysis platforms for Android and evaluate
their effectiveness with samples from known malware corpora as well as known
Android bugs like Master Key. Our results indicate a low level of diversity in
analysis platforms resulting from code reuse that leaves the evaluated systems
vulnerable to evasion. Furthermore the Master Key bugs could be exploited by
malware to hide malicious behavior from the sandboxes.Comment: In Proceedings of the Third Workshop on Mobile Security Technologies
(MoST) 2014 (http://arxiv.org/abs/1410.6674
A Survey and Evaluation of Android-Based Malware Evasion Techniques and Detection Frameworks
Android platform security is an active area of research where malware detection techniques continuously evolve to identify novel malware and improve the timely and accurate detection of existing malware. Adversaries are constantly in charge of employing innovative techniques to avoid or prolong malware detection effectively. Past studies have shown that malware detection systems are susceptible to evasion attacks where adversaries can successfully bypass the existing security defenses and deliver the malware to the target system without being detected. The evolution of escape-resistant systems is an open research problem. This paper presents a detailed taxonomy and evaluation of Android-based malware evasion techniques deployed to circumvent malware detection. The study characterizes such evasion techniques into two broad categories, polymorphism and metamorphism, and analyses techniques used for stealth malware detection based on the malware’s unique characteristics. Furthermore, the article also presents a qualitative and systematic comparison of evasion detection frameworks and their detection methodologies for Android-based malware. Finally, the survey discusses open-ended questions and potential future directions for continued research in mobile malware detection
- …