PANDORA applies non-deterministic obfuscation randomly to Android

Proceedings of the 2013 8th International Conference on Malicious and Unwanted Software: "The Americas", MALWARE 2013

Volumn , Issue , 2013, Pages 59-67

  Protsenko, Mykola ^a   Muller, Tilo ^a  

^a UNIVERSITY OF ERLANGEN NUREMBERG   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER OPERATING SYSTEMS; METADATA; MOBILE DEVICES; ROBOTS;

COMBINING TECHNIQUES; EVALUATION RESULTS; MALWARE DETECTION; OBJECT-ORIENTED DESIGN; POPULAR PLATFORM; RESEARCH COMMUNITIES; SOFTWARE SIMILARITIES; TRANSFORMATION SYSTEMS;

COMPUTER CRIME;

EID: 84893772400     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/MALWARE.2013.6703686     Document Type: Conference Paper

References (41)

1. M. Batchelder and L. Hendren. Obfuscating Java: the most pain for the least gain. In Proceedings of the 16th international conference on Compiler construction, CC'07, pages 96-110, Berlin, Heidelberg, 2007. Springer-Verlag.
2. E. Bodden. Instrumenting Android Apps with Soot. http://www.bodden.de/ 2013/01/ 08/soot-android-instrumentation/. Accessed: 14.02.2013.
3. A. Bruen and M. Forcinito. Cryptography, Information Theory, and Error-Correction: A Handbook for the 21st Century. Wiley Series in Discrete Mathematics and Optimization. Wiley, 2011.
4. S. Choi, J. Jang, and E. Jae. Android application's copyright protection technology based on forensic mark. In Proceedings of the 2012 ACM Research in Applied Computation Symposium, RACS '12, pages 338-339, New York, NY, USA, 2012. ACM.
5. F. B. Cohen. Operating system protection through program evolution. Comput. Secur., 12(6):565-584, Oct. 1993.
6. C. Collberg and J. Nagra. Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection. Addison-Wesley Professional, 1st edition, 2009.
7. C. Collberg, C. Thomborson, and D. Low. A taxonomy of obfuscating transformations. Technical Report 148, Department of Computer Science, University of Auckland, July 1997.
8. A. Desnos. Android: Static analysis using similarity distance. In System Science (HICSS), 2012 45th Hawaii International Conference on, pages 5394-5403, jan. 2012.
9. A. Desnos and G. Gueguen. Android: From reversing to decompilation. In Black Hat Abu Dhabi, 2011.
10. G. Dini, F. Martinelli, A. Saracino, and D. Sgandurra. Madam: a multi-level anomaly detector for android malware. In Proceedings of the 6th international conference on Mathematical Methods, Models and Architectures for Computer Network Security: computer network security, MMM-ACNS'12, pages 240-253, Berlin, Heidelberg, 2012. Springer-Verlag.
11. W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth. Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In Proceedings of the 9th USENIX conference on Operating systems design and implementation, OSDI'10, pages 1-6, Berkeley, CA, USA, 2010. USENIX Association.
12. M. Fowler, K. Beck, J. Brant, W. Opdyke, and D. Roberts. Refactoring: Improving the Design of Existing Code. Addison-Wesley Professional, 1 edition, July 1999.
13. Gartner Says Sales of Mobile Devices Grew 5.6 Percent in Third Quarter of 2011; Smartphone Sales Increased 42 Percent. http://www.gartner.com/ newsroom/id/1848514. Accessed: 01.02.2013.
14. Gartner Says Worldwide Sales of Mobile Phones Declined 3 Percent in Third Quarter of 2012; Smartphone Sales Increased 47 Percent. http://www. gartner.com/newsroom/id/2237315. Accessed: 01.02.2013.
15. S. Horwitz, T. Reps, and D. Binkley. Interprocedural slicing using dependence graphs. ACM Trans. Program. Lang. Syst., 12(1):26-60, Jan. 1990.
16. D. Hurlbut. Fuzzy hashing for digital forensic investigators. Technical report, Access Data Inc., Jan. 2009.
17. Y.-S. Jeong, Y.-U. Park, J.-C. Moon, S.-J. Cho, D. Kim, and M. Park. An anti-piracy mechanism based on class separation and dynamic loading for android applications. In Proceedings of the 2012 ACM Research in Applied Computation Symposium, RACS '12, pages 328-332, New York, NY, USA, 2012. ACM.
18. S. Kim, E. Kim, and J. Choi. A method for detecting illegally copied apk files on the network. In Proceedings of the 2012 ACM Research in Applied Computation Symposium, RACS '12, pages 253-256, New York, NY, USA, 2012. ACM.
19. D. E. Knuth. The Art of Computer Programming, Volume II: Seminumerical Algorithms, 2nd Edition. Addison-Wesley, 1981.
20. C. Liu, C. Chen, J. Han, and P. S. Yu. Gplag: detection of software plagiarism by program dependence graph analysis. In Proceedings of the 12th ACM SIGKDD international conference on Knowledge discovery and data mining, KDD '06, pages 872-881, New York, NY, USA, 2006. ACM.
21. A. Majumdar, S. Drape, and C. Thomborson. Metricsbased evaluation of slicing obfuscations. In Proceedings of the Third International Symposium on Information Assurance and Security, IAS '07, pages 472-477, Washington, DC, USA, 2007. IEEE Computer Society.
22. A. Majumdar, S. J. Drape, and C. D. Thomborson. Slicing obfuscations: design, correctness, and evaluation. In Proceedings of the 2007 ACM workshop on Digital Rights Management, DRM '07, pages 70-81, New York, NY, USA, 2007. ACM.
23. R. Potharaju, A. Newell, C. Nita-Rotaru, and X. Zhang. Plagiarizing smartphone applications: attack strategies and defense techniques. In Proceedings of the 4th international conference on Engineering Secure Software and Systems, ESSoS'12, pages 106-120, Berlin, Heidelberg, 2012. Springer-Verlag.
24. T. A. O. S. Project. Google play distribution. http://developer.android. com/ google/play/dist.html, 2012. Accessed: 18.01.2013.
25. V. Rastogi, Y. Chen, and X. Jiang. Droidchameleon: evaluating android anti-malware against transformation attacks. In Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security, ASIA CCS '13, pages 329-334, New York, NY, USA, 2013. ACM.
26. D. Schuler and V. Dallmeier. Detecting software theft with api call sequence sets. In Proceedings of the 8th Workshop Software Reengineering, May 2006.
27. D. Schuler, V. Dallmeier, and C. Lindig. A dynamic birthmark for Java. In ASE '07: Proceedings of the 22nd International Conference on Automated Software Engineering, pages 274-283, Nov. 2007.
28. A. Shabtai, U. Kanonov, Y. Elovici, C. Glezer, and Y.Weiss. "andromaly": a behavioral malware detection framework for android devices. J. Intell. Inf. Syst., 38(1):161-190, Feb. 2012.
29. M. Spreitzenbarth, F. Freiling, F. Echtler, T. Schreck, and J. Hoffmann. Mobile-sandbox: having a deeper look into android applications. In Proceedings of the 28th Annual ACM Symposium on Applied Computing, SAC '13, pages 1808-1815, New York, NY, USA, 2013. ACM.
30. H. Tamada, M. Nakamura, A. Monden, and K. ichi Matsumoto. Design and evaluation of birthmarks for detecting theft of Java programs. In IN PROC. OF THE IASTED INT. CONF. ON SOFTWARE ENGINEERING, pages 569-575, 2004.
31. H. Tamada, K. Okamoto, M. Nakamura, A. Monden, and Matsumoto. K.: Dynamic software birthmarks to detect the theft of windows applications. In In: International Symposium on Future Software Technology, 2004.
32. J. Vacca. Network and System Security. Elsevier Science, 2010.
33. R. Vallée-Rai, P. Co, E. Gagnon, L. Hendren, P. Lam, and V. Sundaresan. Soot-a Java bytecode optimization framework. In Proceedings of the 1999 conference of the Centre for Advanced Studies on Collaborative research, CASCON '99, pages 13-. IBM Press, 1999.
34. VirusTotal Malware Detection. https://www. virustotal.com/. Accessed: 24.01.2013.
35. X. Wang, Y.-C. Jhi, S. Zhu, and P. Liu. Detecting software theft via system call based birthmarks. In Computer Security Applications Conference, 2009. ACSAC '09. Annual, pages 149-158, dec. 2009.
36. M. Weiser. Program slicing. In Proceedings of the 5th international conference on Software engineering, ICSE '81, pages 439-449, Piscataway, NJ, USA, 1981. IEEE Press.
37. L. K. Yan and H. Yin. Droidscope: seamlessly reconstructing the os and dalvik semantic views for dynamic android malware analysis. In Proceedings of the 21st USENIX conference on Security symposium, Security'12, pages 29-29, Berkeley, CA, USA, 2012. USENIX Association.
38. M. Zheng, P. P. Lee, and J. C. Lui. ADAM: An Automatic and Extensible Platform to Stress Test Android Anti-Virus Systems. In Proceedings of the 9th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, DIMVA ' 12, July 2012.
39. W. Zhou, Y. Zhou, X. Jiang, and P. Ning. Detecting repackaged smartphone applications in third-party android marketplaces. In Proceedings of the second ACM conference on Data and Application Security and Privacy, CODASPY '12, pages 317-326, New York, NY, USA, 2012. ACM.
40. Y. Zhou and X. Jiang. Dissecting android malware: Characterization and evolution. In Security and Privacy (SP), 2012 IEEE Symposium on, pages 95-109, may 2012.
41. Y. Zhou, Z.Wang,W. Zhou, and X. Jiang. Hey, you, get off of my market: Detecting malicious apps in official and alternative Android markets. In Proceedings of the 19th Annual Network & Distributed System Security Symposium, Feb. 2012.