论文信息 - Inferring the Detection Logic and Evaluating the Effectiveness of Android Anti-Virus Apps

Inferring the Detection Logic and Evaluating the Effectiveness of Android Anti-Virus Apps

Malware on Android has been reported to be on the rise. There are many anti-virus (AV) apps available on Android. However, most AVs are presented as black-boxes without details given about their workings. In this paper, we propose to determine the key elements used by the AVs, which we call inferring the AV detection logic, through a black-box testing methodology. We perform a large scale experiment on 57 Android AVs using 2000 malware variants to evaluate whether the detection logic can be found and whether the AVs can detect the malware. Our experiments show that a majority of AVs detect malware using simple static features. Such features can be easily obfuscated by renaming or encrypting strings and data, which can make it easy to evade some AVs. We also observe trends showing that AVs use common features to detect malware across all families.

Roland H. C. Yap | Zhenquan Cai

[1] Xuxian Jiang,et al. DroidChameleon: evaluating Android anti-malware against transformation attacks , 2013, ASIA CCS '13.

[2] John C. S. Lui,et al. ADAM: An Automatic and Extensible Platform to Stress Test Android Anti-virus Systems , 2012, DIMVA.

[3] Yajin Zhou,et al. Dissecting Android Malware: Characterization and Evolution , 2012, 2012 IEEE Symposium on Security and Privacy.

[4] Ymir Vigfusson,et al. PMDS: Permission-Based Malware Detection System , 2014, ICISS.

[5] Patrick D. McDaniel,et al. On lightweight mobile phone application certification , 2009, CCS.

[6] Julian Schütte,et al. On the Effectiveness of Malware Protection on Android An evaluation of Android antivirus , 2013 .

[7] Steve Hanna,et al. A survey of mobile malware in the wild , 2011, SPSM '11.

[8] Konrad Rieck,et al. DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket , 2014, NDSS.

[9] Yajin Zhou,et al. RiskRanker: scalable and accurate zero-day android malware detection , 2012, MobiSys '12.

[10] Julian Schütte,et al. An antivirus API for Android malware recognition , 2013, 2013 8th International Conference on Malicious and Unwanted Software: "The Americas" (MALWARE).