论文信息 - Obfuscation Techniques against Signature-Based Detection: A Case Study

Obfuscation Techniques against Signature-Based Detection: A Case Study

Android malware is increasingly growing interms of complexity. In order to evade signature-based detection, which represents the most adopted technique by current antimalware vendors, malware writers begin to deploy malware with the ability to change their code as they propagate.In this paper, our aim is to evaluate the robustness of Android antimalware tools when various evasion techniques are used to obfuscate malicious payloads. To support this assessment we realized a tool which applies a number of common transformations on the code of malware applications, and applied these transformations to about 5000 malware apps. Our results demonstrate that, after the code transformations, the malware is not detected by a large set of antimalware tools,even when, before applying the transformations, malware was correctly identified by most antimalware tools. Such outcomes suggest that malware detection methods must be quickly re-designed for protecting successfully smart devices.

Gerardo Canfora | Corrado Aaron Visaggio | Francesco Mercaldo | Andrea Di Sorbo

[1] Dan Arp,et al. Drebin : � Efficient and Explainable Detection of Android Malware in Your Pocket , 2014 .

[2] Konrad Rieck,et al. DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket , 2014, NDSS.

[3] Yajin Zhou,et al. Dissecting Android Malware: Characterization and Evolution , 2012, 2012 IEEE Symposium on Security and Privacy.

[4] Xuxian Jiang,et al. Catch Me If You Can: Evaluating Android Anti-Malware Against Transformation Attacks , 2014, IEEE Transactions on Information Forensics and Security.

[5] John C. S. Lui,et al. ADAM: An Automatic and Extensible Platform to Stress Test Android Anti-virus Systems , 2012, DIMVA.

[6] Eric Medvet,et al. Effectiveness of Opcode ngrams for Detection of Multi Family Android Malware , 2015, 2015 10th International Conference on Availability, Reliability and Security.