Monday, 30 June 2014

Catch me if you can: evaluating Android anti-malware against transformation attacks


Mobile malware threats (e.g., on Android) have recently become a real concern. In this paper, we evaluate the state-of-the-art commercial mobile anti-malware products for Android and test how resistant they are against various common obfuscation techniques (even with known malware). Such an evaluation is important for not only measuring the available defense against mobile malware threats, but also proposing effective, next generation solutions. We developed DroidChameleon, a systematic framework with various transformation techniques, and used it for our study. Our results on 10 popular commercial anti-malware applications for Android are worrisome: none of these tools is resistant against common malware transformation techniques. In addition, a majority of them can be trivially defeated by applying slight transformation over known malware with little effort for malware authors. Finally, in light of our results, we propose possible remedies for improving the current state of malware detection on mobile devices.
Mobile computing devices such as smartphones and tablets are becoming increasingly popular. Unfortunately, this popularity attracts malware authors too. In reality, mobile malware has already become a serious concern. It has been reported that on Android, one of the most popular smartphone platforms, malware has constantly been on the rise and the platform is seen as “clearly today’s target”. With the growth of malware, the platform has also seen an evolution of anti-malware tools, with a range of free and paid offerings now available in the official Android app market, Google Play.
Polymorphic attacks have long been a plague for traditional desktop and server systems. While there exist earlier studies on the effectiveness of anti-malware tools on PCs, our domain of study is different in that we exclusively focus on mobile devices like smartphones, which require different approaches to anti-malware design. Also, malware on mobile devices has recently escalated its evolution, but the capabilities of existing anti-malware tools are largely not yet understood.
· Some of the applications even claim resistance against malware transformations.
· It will detect only specific malware.
· It allows applications to access and modify all the information.
We aim to evaluate the efficacy of anti-malware tools on Android in the face of various evasion techniques.
Findings show that some anti-malware tools have tried to strengthen their signatures, with a trend towards content-based signatures, while previously they were evaded by trivial transformations not involving code-level changes. The improved signatures are, however, still shown to be easily evaded.

To evaluate existing anti-malware software, we develop a systematic framework called DroidChameleon with several common transformation techniques that may be used to transform Android applications automatically. Some of these transformations are highly specific to the Android platform only. Based on the framework, we pass known malware samples (from different families) through these transformations to generate new variants of malware, which are verified to possess the originals’ malicious functionality. We use these variants to evaluate the effectiveness and robustness of popular anti-malware tools. Based on our evaluation results, we also explore possible ways to improve current anti-malware solutions. Specifically, we point out that Android eases developing advanced detection techniques because much code is high-level bytecode rather than native code. Furthermore, certain platform support can be enlisted to cope with advanced transformations.
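The contrast between a whole-file signature and a content-based signature over bytecode can be shown from the detection side with the short sketch below. It is an added example, not code from the paper or from DroidChameleon; the smali-like listings are constructed, and the feature choice (opcode mnemonics plus platform API calls) and the use of renaming as the non-instruction-level change are assumptions made for illustration.

```python
import hashlib
import re

# Constructed smali-like listings (not from any real app). VARIANT differs from
# ORIGINAL only in package/class/method names, i.e. no instruction was changed.
ORIGINAL = """\
.class public Lcom/example/app/Worker;
.method public run()V
    const-string v0, "content://sms"
    invoke-static {v0}, Landroid/net/Uri;->parse(Ljava/lang/String;)Landroid/net/Uri;
    move-result-object v1
    invoke-virtual {p0, v1}, Lcom/example/app/Worker;->send(Landroid/net/Uri;)V
    return-void
.end method
"""
VARIANT = ORIGINAL.replace("com/example/app/Worker", "a/b/C").replace("run()", "x()")

# Constructed listing with different behaviour, used as a negative control.
OTHER = """\
.class public Lcom/example/app/Clock;
.method public now()J
    invoke-static {}, Ljava/lang/System;->currentTimeMillis()J
    move-result-wide v0
    return-wide v0
.end method
"""

def file_hash_signature(listing: str) -> str:
    """Whole-file hash: any byte change produces a different signature."""
    return hashlib.sha256(listing.encode()).hexdigest()

def content_signature(listing: str) -> str:
    """Hash of the opcode sequence plus platform API calls, ignoring app-chosen names."""
    features = []
    for line in listing.splitlines():
        line = line.strip()
        if not line or line.startswith("."):
            continue  # skip directives such as .class/.method, which carry names
        features.append(line.split()[0])  # opcode mnemonic
        # Keep call targets only when they are platform APIs (android/ or java/).
        api = re.search(r"L((?:android|java)/[^;]+);->(\w+)", line)
        if api:
            features.append(f"{api.group(1)}.{api.group(2)}")
    return hashlib.sha256("\n".join(features).encode()).hexdigest()

def matches(sig_fn, known: str, sample: str) -> bool:
    """True when the sample carries the same signature as the known listing."""
    return sig_fn(known) == sig_fn(sample)
```

The content signature here is stable only under renaming; any change to the instruction sequence itself alters it, which is consistent with the finding that improved signatures are still evaded.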

· It provides solutions for all types of malware available.
· It blocks the application from accessing the information.
· It resists all types of transformations available to harm the system.



· Processor - Pentium IV
· Speed - 1.1 GHz
· RAM - 512 MB (min)
· Hard Disk - 40 GB
· Keyboard - Standard Windows Keyboard
· Mouse - Two or Three Button Mouse
· Monitor - LCD/LED

· Operating system - Windows XP
· Coding Language - Android
· Database - SQLite
· Tool - Eclipse

Vaibhav Rastogi, Yan Chen, and Xuxian Jiang, “Catch Me If You Can: Evaluating Android Anti-Malware Against Transformation Attacks,” IEEE Transactions on Information Forensics and Security, vol. 9, no. 1, January 2014.
