Download Malware? No, Thanks. How Formal Methods Can Block Update Attacks

In the mobile malware landscape there are many techniques for injecting a malicious payload into a trusted application; one of the most common is the so-called update attack. After an apparently innocuous application is installed on the victim's device, the user is asked to update the application, and malicious behavior is added to it. In this paper we propose a static method based on model checking that is able to identify this kind of attack. In addition, our method is able to localize the malicious payload at the method level. We obtain an accuracy very close to 1 in identifying families implementing the update attack, using a real Android dataset composed of 2,581 samples.
