Coevolution of Mobile Malware and Anti-Malware

Mobile malware is one of today’s greatest threats in computer security. Furthermore, new mobile malware that introduces new security risks is emerging daily. However, while existing security solutions generally protect mobile devices against known risks, they are vulnerable to as yet unknown risks. How anti-malware software reacts to new, unknown malicious software is generally difficult to predict. Therefore, anti-malware software is in continuous development in order to be able to detect new malware or new variants of existing malware. Similarly, as long as anti-malware software develops, malware writers also develop their malicious code by using various evasion strategies, such as obfuscation and encryption. This is the lifecycle of malicious and anti-malware software. In this paper, the use of evolutionary computation techniques is investigated, both for developing new variants of mobile malware that successfully evade anti-malware systems based on static analysis and for automatically developing better security solutions against them. A coevolutionary arms race mechanism has always been considered a potential candidate for developing a more robust system against new attacks and for system testing. To the best of the authors’ knowledge, this paper is the first application of coevolutionary computation to address this problem.
