Model Checking for Mobile Android Malware Evolution

Software engineering researchers have largely demonstrated that newer versions of software make use of previous versions of existing software. Malicious software is no exception to this rule: it frequently evolves in order to evade detection by antimalware. As a matter of fact, mobile malicious programs, such as trojans, are frequently related to previous malware through evolutionary relationships. Discovering those relationships and constructing a phylogenetic model is expected to be helpful for analyzing new malware and for establishing a principled naming scheme. In this paper we propose a model-checking-based method to infer mobile malware phylogenetic trees. By implementing our approach in the droid-Sapiens tool, we demonstrate that mobile malware families come from an ancestor and influence their own descendants, based on the payload that they exhibit.
