nach oben

Arabian Journal for Science and Engineering

Erschienen in:

06.08.2019 | Research Article - Computer Engineering and Computer Science

A Deep Camouflage: Evaluating Android’s Anti-malware Systems Robustness Against Hybridization of Obfuscation Techniques with Injection Attacks

verfasst von: Khaled Bakour, Halil Murat Ünver, Razan Ghanem

Erschienen in: Arabian Journal for Science and Engineering | Ausgabe 11/2019

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

The threats facing smartphones have become one of the most dangerous cyberspace threats; therefore, many solutions have been developed in the commercial or academic domain to address these threats. This paper aims to test the defence robustness of some well-known commercial anti-malware systems against camouflage techniques. To this end, multiple attacks have been proposed and applied to create multiple camouflaged malware datasets based on well-known malware datasets. First of all, we proposed two injection attacks, namely benign permissions injection attack and benign permissions-code injection attack; these attacks have been used with one more attack called app re-signing attack. To the best of our knowledge, these injection attacks have been used for the first time in the Android OS domain. Furthermore, the proposed attacks have been hybridized with some commonly used obfuscation techniques, namely string encryption, class encryption, and reflection, to obtain a high degree of camouflage and avoiding anti-malware systems’ detection. To our knowledge, this is the first time that the obfuscation techniques are hybridized with other attacks. The obtained results showed that the detection accuracy of most tested anti-malware systems dropped to about 10% or less. Moreover, the average number of engines which was able to detect malware samples decreased from 45 engines when the original dataset has been tested to about 12 engines when the camouflaged datasets have been tested.

Vorheriger Artikel UFC: A Unified POI Recommendation Framework

Nächster Artikel Control Plane Packet-In Arrival Rate Analysis for Denial-of-Service Saturation Attacks Detection and Mitigation in Software-Defined Networks

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

https://www.virustotal.com.

Costello, K.: Gartner says worldwide sales of smartphones returned to growth in first quarter of 2018 (2018). https://www.gartner.com/newsroom/id/3876865. Accessed 29 July 2018

Brenner, B.: Malware rains on Google’s android oreo parade (2017). https://nakedsecurity.sophos.com/2017/08/24/malware-rains-on-googles-android-oreo-parade/. Accessed 30 July 2018

Lueg, C.: Malware figures for android rise rapidly (2018). https://www.gdatasoftware.com/blog/2018/07/30937-malware-figures-for-android-rise-rapidly. Accessed 13 Sept 2018

Zhang, M.: Android ransomware variant uses clickjacking to become device administrator (2016). https://www.symantec.com/connect/blogs/android-ransomware-variant-uses-clickjacking-become-device-administrator. Accessed 13 Sept 2018

Research, E.: DoubleLocker: innovative Android ransomware (2017). https://www.welivesecurity.com/2017/10/13/doublelocker-innovative-android-malware/. Accessed 13 Sept 2018

List, S.: Ztorg: money for infecting your smartphone (2017). https://securelist.com/ztorg-money-for-infecting-your-smartphone/78325/. Accessed 13 Mar 2018

Unuchek, R.: Dvmap: the first Android malware with code injection (2017). https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/. Accessed 13 Sept 2018

Semantic.: AndroidOS.FakePlayer (2010). https://www.symantec.com/security-center/writeup/2010-081100-1646-99. Accessed 13 Sept 2018

Roman Unuchek, F.S.; Parinov, D.; Liskin, A: IT threat evolution Q3 2017. Statistics (2017). https://securelist.com/it-threat-evolution-q3-2017-statistics/83131/. Accessed 4 Aug 2019

10.

Micro, T.: Mobile adware rottensys can infect android devices to become part of a botnet (2018). https://www.trendmicro.com/vinfo/dk/security/news/cybercrime-and-digital-threats/mobile-adware-rottensys-can-infect-android-devices-to-become-part-of-a-botnet. Accessed 13 Sept 2018

11.

Kaspersky.: Mobile banking Trojans, explained (2015). https://www.kaspersky.com/blog/mobile-banking-trojans-faq/13243/. Accessed 13 Sept 2018

12.

Snow, J.: The evolution of Asacub trojan: from small fish to ultimate weapon (2016). https://www.kaspersky.com/blog/asacub-trojan/11108/. Accessed 4 Aug 2019

13.

Securelist.: A new era in mobile banking Trojans (2017). https://securelist.com/a-new-era-in-mobile-banking-trojans/79198/. Accessed 13 Sept 2018

14.

F-secure.: Trojan-Spy: Android/Tramp.A. https://www.f-secure.com/v-descs/trojan_android_tramp.shtml#summary. Accessed 13 Sept 2018

15.

f-secure.: Trojan:Android/Anserverbot.A. https://www.f-secure.com/v-descs/trojan_android_anserverbot.shtml. Accessed 13 Sept 2018

16.

Talha, K.A.; Alper, D.I.; Aydin, C.: APK auditor: permission-based Android malware detection system. Digit. Investig. 13, 1–14 (2015). https://doi.org/10.1016/j.diin.2015.01.001 CrossRef

17.

Liang, S.; Du, X.: Permission-combination-based scheme for android mobile malware detection. In: IEEE International Conference on Communications (ICC), 2014, IEEE.

18.

Verma, S.; Muttoo, S.K.: An android malware detection framework-based on permissions and intents. Def. Sci. J. 66(6), 618 (2016). https://doi.org/10.14429/dsj.66.10803 CrossRef

19.

Sokolova, K.; Perez, C.; Lemercier, M.: Android application classification and anomaly detection with graph-based permission patterns. Decis. Support Syst. 93, 62–76 (2017). https://doi.org/10.1016/j.dss.2016.09.006 CrossRef

20.

Feizollah, A.; et al.: AndroDialysis: analysis of android intent effectiveness in malware detection. Comput. Secur. 65, 121–134 (2017). https://doi.org/10.1016/j.cose.2016.11.007 CrossRef

21.

Altaher, A.; BaRukab, O.: Android malware classification based on ANFIS with fuzzy c-means clustering using significant application permissions. Turk. J. Electr. Eng. Comput. Sci. 25(3), 2232–2242 (2017)CrossRef

22.

Sharma, K.; Gupta, B.: Mitigation and risk factor analysis of android applications. Comput. Electr. Eng. 71, 416–430 (2018)CrossRef

23.

Alam, S.; et al.: DroidNative: automating and optimizing detection of Android native code malware variants. Comput. Secur. 65, 230–246 (2017). https://doi.org/10.1016/j.cose.2016.11.011 CrossRef

24.

Fan, M.; et al.: Android malware familial classification and representative sample selection via frequent subgraph analysis. IEEE Trans. Inf. Forensics Secur. 13(8), 1890–1905 (2018). https://doi.org/10.1109/tifs.2018.2806891 CrossRef

25.

Yerima, S.Y.; Sezer, S.: DroidFusion: a novel multilevel classifier fusion approach for android malware detection. IEEE Trans. Cybern. (2018). https://doi.org/10.1109/tcyb.2017.2777960

26.

Sen, S.; Aysan, A.I.; Clark, J.A.: SAFEDroid: using structural features for detecting android malwares. In: Security and Privacy in Communication Networks. 2018. Springer, Cham

27.

Wang, W.; Zhao, M.; Wang, J.: Effective android malware detection with a hybrid model based on deep autoencoder and convolutional neural network. J. Ambient Intell. Hum. Comput. (2018). https://doi.org/10.1007/s12652-018-0803-6

28.

Gurulian, I.; et al.: You can’t touch this: consumer-centric android application repackaging detection. Future Gen. Comput. Syst. 65, 1–9 (2016). https://doi.org/10.1016/j.future.2016.05.021 CrossRef

29.

Sanz, B.; et al.: On the automatic categorisation of android applications. In: Consumer Communications and Networking Conference (CCNC), 2012 IEEE

30.

Wang, C.; et al.: An android malware dynamic detection method based on service call co-occurrence matrices. Ann. Telecommun. 72(9–10), 607–615 (2017). https://doi.org/10.1007/s12243-017-0580-9 CrossRef

31.

Enck, W.; et al.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans. Comput. Syst. (TOCS) 32(2), 5 (2014). https://doi.org/10.1145/2619091 CrossRef

32.

Rastogi, V.; Chen, Y.; Enck, W.: AppsPlayground: automatic security analysis of smartphone applications. In: Proceedings of the Third ACM Conference on Data and Application Security and Privacy. 2013. ACM.

33.

Kabakus, A.T.; Dogru, I.A.: An in-depth analysis of android malware using hybrid techniques. Digit. Invest. 24, 25–33 (2018). https://doi.org/10.1016/j.diin.2018.01.001 CrossRef

34.

Ali-Gombe, A.I.; et al.: Toward a more dependable hybrid analysis of android malware using aspect-oriented programming. Comput. Secur. 73, 235–248 (2018). https://doi.org/10.1016/j.cose.2017.11.006 CrossRef

35.

Xue, L.; et al.: Adaptive unpacking of android apps. In: IEEE/ACM 39th International Conference 2017, pp. 358–369. https://doi.org/10.1109/icse.2017.40

36.

Li, B.; et al.: AppSpear: automating the hidden-code extraction and reassembling of packed android malware. J. Syst. Softw. 140, 3–16 (2018). https://doi.org/10.1016/j.jss.2018.02.040 CrossRef

37.

Zhang, Y.; Luo, X.; Yin, H.: Dexhunter: toward extracting hidden code from packed android applications. In: European Symposium on Research in Computer Security. Springer, Berlin (2015)

38.

Li, L.; et al.: Droidra: taming reflection to support whole-program analysis of android apps. In: Proceedings of the 25th International Symposium on Software Testing and Analysis. ACM, Cambridge (2016)

39.

Zheng, M.; Lee, P.P.; Lui, J.C.: ADAM: an automatic and extensible platform to stress test android anti-virus systems. In: International conference on detection of intrusions and malware, and vulnerability assessment. Springer, Berlin (2012)

40.

Rastogi, V.; Chen, Y.; Jiang, X.: Droidchameleon: evaluating android anti-malware against transformation attacks. In: Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security. ACM, Cambridge (2013)

41.

Maiorca, D.; et al.: Stealth attacks: an extended insight into the obfuscation effects on Android malware. Comput. Secur. 51, 16–31 (2015). https://doi.org/10.1016/j.cose.2015.02.007 CrossRef

42.

Rastogi, S.; Bhushan, K.; Gupta, B.: Android applications repackaging detection techniques for smartphone devices. Procedia Comput. Sci. 78, 26–32 (2016)CrossRef

43.

Huang, H.; et al.: A framework for evaluating mobile app repackaging detection algorithms. In: International Conference on Trust and Trustworthy Computing. Springer, Berlin (2013)

44.

Gupta, S.; Gupta, B.B.: JS-SAN: defense mechanism for HTML5-based web applications against JavaScript code injection vulnerabilities. Secur. Commun. Netw. 9(11), 1477–1495 (2016)CrossRef

45.

Chaudhary, P.; Gupta, S.; Gupta, B.B.: Auditing defense against XSS worms in online social network-based web applications. In: Handbook Research on Modern Cryptographic Solutions for Computer and Cyber Security, pp. 216–245. IGI Global (2016)

46.

Gupta, B.B., Soni, H.; Siwan, P.; Kumar, A.; Gupta S.: DOM‐guard: defeating DOM based injection of XSS worms in HTML5 web applications on Mobile based cloud platforms. In: Computer and Cyber Security: Principles, Algorithm, Applications, and Perspectives, pp 425–453 (2018)

47.

Arp, D.; et al.: Drebin: effective and explainable detection of android malware in your pocket. In: Ndss (2014)

48.

Zhou, Y.; Jiang, X.: Dissecting android malware: characterization and evolution. In: IEEE Symposium on Security and Privacy (SP), IEEE (2012)

Titel: A Deep Camouflage: Evaluating Android’s Anti-malware Systems Robustness Against Hybridization of Obfuscation Techniques with Injection Attacks
verfasst von: Khaled Bakour
Halil Murat Ünver
Razan Ghanem
Publikationsdatum: 06.08.2019
Verlag: Springer Berlin Heidelberg
Erschienen in: Arabian Journal for Science and Engineering / Ausgabe 11/2019
Print ISSN: 2193-567X
Elektronische ISSN: 2191-4281
DOI: https://doi.org/10.1007/s13369-019-04081-5

Premium Partner

Marktübersichten

Die im Laufe eines Jahres in der „adhäsion“ veröffentlichten Marktübersichten helfen Anwendern verschiedenster Branchen, sich einen gezielten Überblick über Lieferantenangebote zu verschaffen.

Zur Marktübersicht

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Weitere Artikel der Ausgabe 11/2019

An Optimal Codebook for Content-Based Image Retrieval in JPEG Compressed Domain

Diacritics Effect on Arabic Speech Recognition

Sentence Embedding and Convolutional Neural Network for Semantic Textual Similarity Detection in Arabic Language

Bayesian Versus Convolutional Networks for Arabic Handwriting Recognition

Framework for Agile Development Using Cloud Computing: A Survey

Brain MR Imaging Tumor Detection Using Monogenic Signal Analysis-Based Invariant Texture Descriptors

Premium Partner

Marktübersichten