11 research outputs found

    A Survey and Evaluation of Android-Based Malware Evasion Techniques and Detection Frameworks

    Android platform security is an active area of research where malware detection techniques continuously evolve to identify novel malware and improve the timely and accurate detection of existing malware. Adversaries are constantly in charge of employing innovative techniques to avoid or prolong malware detection effectively. Past studies have shown that malware detection systems are susceptible to evasion attacks where adversaries can successfully bypass the existing security defenses and deliver the malware to the target system without being detected. The evolution of escape-resistant systems is an open research problem. This paper presents a detailed taxonomy and evaluation of Android-based malware evasion techniques deployed to circumvent malware detection. The study characterizes such evasion techniques into two broad categories, polymorphism and metamorphism, and analyses techniques used for stealth malware detection based on the malware’s unique characteristics. Furthermore, the article also presents a qualitative and systematic comparison of evasion detection frameworks and their detection methodologies for Android-based malware. Finally, the survey discusses open-ended questions and potential future directions for continued research in mobile malware detection

    MimeoDroid: Large Scale Dynamic App analysis on Cloned Devices using Machine Learning Classifiers.

    The exponential adoption of Android applications (apps) among the users has attracted malware authors to evade the default emulator based dynamic analysis systems. The evolving Android malware behaves benign once it identifies “Goldfish”, the standard emulator, an alibi of analysis systems. If a malware identifies the emulator, it changes the program execution flow and behaves benign, or stops malicious code execution to evade the analysis. The exponential increase in stealth malware necessitates a detection approach which coerces the malicious apps to reveal the hidden behavior. To detect malicious apps and characterize their association, we propose mimeoDroid (enriched replica of real Android device), a modified virtual emulator clone to coerce the malware to believe it is being executed on a real device. We automate relevant feature extraction and classification of Processor, memory usage, Binder IPC transfers, network interaction, battery status and requested permission features to detect malicious behavior using Tree based machine learning classifiers. MimeoDroid performs lightweight machine learning based malware analysis and characterization to detect malicious apps evading the existing analyzers.

    MimeoDroid: Large Scale Dynamic App Analysis on Cloned Devices via Machine Learning Classifiers

    Faruki, Parvez; Zemmari, Akka; Gaur, Manoj Singh; Laxmi, Vijay; Conti, Mauro

    Network Intrusion Detection for IoT Security Based on Learning Techniques


    SPARK: Secure Pseudorandom Key-based Encryption for Deduplicated Storage

    Deduplication is a widely used technology to reduce the storage and communication cost for cloud storage services. For any cloud infrastructure, data confidentiality is one of the primary concerns. Data confidentiality can be achieved via user-side encryption. However, conventional encryption mechanism is at odds with deduplication. Developing a user-side encryption mechanism with deduplication is a vital research topic. Existing state-of-the-art solutions in security of deduplication are vulnerable to dictionary attacks and tag inconsistency anomaly. In this paper, we present SPARK, a novel approach for secure pseudorandom key-based encryption for deduplicated storage. SPARK achieves semantic security along with deduplication. Security analysis proves that SPARK is secure against dictionary attacks and tag inconsistency anomaly. As a proof of concept, we implement SPARK in realistic environment and demonstrate its efficiency and effectiveness.