Divide-and-conquer: Why android malware cannot be stopped

Proceedings - 9th International Conference on Availability, Reliability and Security, ARES 2014

Volumn , Issue , 2014, Pages 30-39

  Maier, Dominik ^a   Muller, Tilo ^a   Protsenko, Mykola ^a  

^a UNIVERSITY OF ERLANGEN NUREMBERG   (Germany)

Author keywords

Android malware; AV; Google bouncer; Mobile sandboxes; Obfuscation; Static and dynamic analysis

Indexed keywords

ANDROID (OPERATING SYSTEM); MALWARE; STATIC ANALYSIS;

ANDROID MALWARE; GOOGLE BOUNCER; MOBILE SANDBOXES; OBFUSCATION; STATIC AND DYNAMIC ANALYSIS;

MOBILE SECURITY;

EID: 84920584471     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ARES.2014.12     Document Type: Conference Paper

References (35)

1. Gartner. (2013, Nov. ) Gartner Says Smartphone Sales Accounted for 55 Percent of Overall Mobile Phone Sales in Third Quarter of 2013. [Online]. Available: http://www. gartner. com/newsroom/id/2623415
2. M. Spreitzenbarth, F. C. Freiling, F. Echtler, T. Schreck, and J. Hoffmann, "Mobile-sandbox: Having a deeper look into Android applications," in Proceedings of the 28th Annual ACM Symposium on Applied Computing, ser. SAC '13. New York, NY, USA: ACM, 2013, pp. 1808-1815.
3. C. Marforio, H. Ritzdorf, A. Francillon, and S. Capkun, "Analysis of the Communication Between Colluding Applications on Modern Smartphones," in Proceedings of the 28th Annual Computer Security Applications Conference, ser. ACSAC '12. New York, NY, USA: ACM, Dec. 2012, pp. 51-60.
4. X. Chen, J. Andersen, Z. Mao, M. Bailey, and J. Nazario, "Towards an understanding of anti-virtualization and antidebugging behavior in modern malware," in Dependable Systems and Networks With FTCS and DCC, 2008. DSN 2008. IEEE International Conference on, June 2008, pp. 177-186.
5. A. Shabtai, Y. Fledel, U. Kanonov, Y. Elovici, S. Dolev, and C. Glezer, "Google Android: A comprehensive security assessment," IEEE Security and Privacy, vol. 8, no. 2, pp. 35-44, Mar. 2010.
6. V. Rastogi, Y. Chen, and X. Jiang, "Droidchameleon: Evaluating Android anti-malware against transformation attacks," in Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, ser. ASIA CCS '13. New York, NY, USA: ACM, 2013, pp. 329-334.
7. R. Fedler, J. Schütte, and M. Kulicke, "On the effectiveness of malware protection on Android," Fraunhofer AISEC, Berlin, Tech. Rep., 2013.
8. Mykola Protsenko and Tilo Müller, "PANDORA Applies Non-Deterministic Obfuscation Randomly to Android," in 8th International Conference on Malicious and Unwanted Software, Fernando C. Osorio, Ed., 2013.
9. H. Lockheimer. (2012, Feb. ) Android and Security. Google Inc. [Online]. Available: http://googlemobile. blogspot. de/ 2012/02/android-and-security. html
10. N. J. Percoco and S. Schulte, "Adventures in Bouncerland: Failures of Automated Malware Detection with in Mobile Application Markets," in Black Hat USA '12. Trustwave SpiderLabs, Jul. 2012.
11. J. Oberheide and C. Miller, "Dissecting the Android Bouncer. " Presented at SummerCon 2012, Brooklyn, NY, 2012. [Online]. Available: https://jon. oberheide. org/files/ summercon12-bouncer. pdf
12. S. Poeplau, Y. Fratantonio, A. Bianchi, C. Kruegel, and G. Vigna, "Execute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications," in Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2014.
13. A. Moser, C. Kruegel, and E. Kirda, "Limits of static analysis for malware detection," in Computer Security Applications Conference, 2007. ACSAC 2007. Twenty-Third Annual, Dec 2007, pp. 421-430.
14. D. Kirat, G. Vigna, and C. Kruegel, "Barebox: Efficient malware analysis on bare-metal," in Proceedings of the 27th Annual Computer Security Applications Conference, ser. ACSAC '11. New York, NY, USA: ACM, 2011, pp. 403-412.
15. C. Willems, T. Holz, and F. C. Freiling, "Toward automated dynamic malware analysis using cwsandbox," IEEE Security and Privacy, vol. 5, no. 2, pp. 32-39, Mar. 2007.
16. U. Bayer, I. Habibi, D. Balzarotti, E. Kirda, and C. Kruegel, "A view on current malware behaviors," in Proceedings of the 2Nd USENIX Conference on Large-scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More, ser. LEET'09. Berkeley, CA, USA: USENIX Association, 2009, pp. 8-8.
17. M. Becher and F. C. Freiling, "Towards dynamic malware analysis to increase mobile device security," in Sicherheit, ser. LNI, A. Alkassar and J. H. Siekmann, Eds., vol. 128. GI, pp. 423-433.
18. M. Becher and R. Hund, "Kernel-level interception and applications on mobile devices," University of Mannheim, Tech. Rep., may 2008.
19. T. Bläsing, L. Batyuk, A.-D. Schmidt, S. Camtepe, and S. Albayrak, "An Android application sandbox system for suspicious software detection," in Malicious and Unwanted Software (MALWARE), 2010 5th International Conference on, Oct 2010, pp. 55-62.
20. M. Spreitzenbarth, "Dissecting the Droid: Forensic Analysis of Android and its malicious Applications," Ph. D. dissertation, 2013, Friedrich-Alexander-Universität Erlangen-Nürnberg.
21. M. Lindorfer. (2012, Jun. ) Andrubis: A Tool for Analyzing Unknown Android Applications. iSecLab. [Online]. Available: http://blog. iseclab. org/2012/06/04/ andrubis-a-tool-for-analyzing-unknown-android-applications
22. Anthony Desnos. Androguard: Reverse engineering, Malware and goodware analysis of Android applications. [Online]. Available: http://code. google. com/p/androguard/
23. W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth, "Taintdroid: An informationflow tracking system for realtime privacy monitoring on smartphones," in Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation, ser. OSDI'10. Berkeley, CA, USA: USENIX Association, 2010, pp. 1-6.
24. ForSafe, "Forsafe mobile security," Whitepaper, 2013. [Online]. Available: http://www. foresafe. com/ForeSafe WhitePaper. pdf
25. Botnet Research Team. (2014) SandDroid: An APK Analysis Sandbox. Xi'an Jiaotong University. [Online]. Available: http://sanddroid. xjtu. edu. cn
26. V. Van der Veen, "Dynamic Analysis of Android Malware," Master Thesis, VU University Amsterdam, Aug. 2013. [Online]. Available: http://tracedroid. few. vu. nl/thesis. pdf
27. R. Fedler, M. Kulicke, and J. Schütte, "Native code execution control for attack mitigation on Android," in Proceedings of the Third ACM Workshop on Security and Privacy in Smartphones Mobile Devices, ser. SPSM '13. New York, NY, USA: ACM, 2013, pp. 15-20.
28. S. Bugiel, L. Davi, A. Dmitrienko, T. Fischer, A.-R. Sadeghi, and B. Shastry, "Towards Taming Privilege-Escalation Attacks on Android," in 19th Annual Network & Distributed System Security Symposium, ser. NDSS '12, Feb. 2012.
29. L. Davi, A. Dmitrienko, A.-R. Sadeghi, and M. Winandy, "Privilege escalation attacks on Android," in Proceedings of the 13th International Conference on Information Security, ser. ISC'10. Berlin, Heidelberg: Springer-Verlag, 2011, pp. 346-360.
30. R. Fedler, M. Kulicke, and J. Schütte, "An antivirus API for Android malware recognition," in Malicious and Unwanted Software: "The Americas" (MALWARE), 2013 8th International Conference on, Oct 2013, pp. 77-84.
31. M.-K. Sun, M.-J. Lin, M. Chang, C.-S. Laih, and H.-T. Lin, "Malware virtualization-resistant behavior detection. " in ICPADS. IEEE, 2011, pp. 912-917.
32. M. Lindorfer, C. Kolbitsch, and P. Milani Comparetti, "Detecting environment-sensitive malware," in Proceedings of the 14th International Conference on Recent Advances in Intrusion Detection, ser. RAID'11. Berlin, Heidelberg: Springer-Verlag, 2011, pp. 338-357.
33. A. Shabtai, U. Kanonov, Y. Elovici, C. Glezer, and Y. Weiss, ""Andromaly": A behavioral malware detection framework for Android devices," Journal of Intelligent Information Systems, vol. 38, no. 1, pp. 161-190, 2012.
34. D. Arp, M. Spreitzenbarth, M. Hubner, H. Gascon, and K. Rieck, "DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket," in Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2014.
35. D. Balzarotti, M. Cova, C. Karlberger, C. Kruegel, E. Kirda, and G. Vigna, "Efficient detection of split personalities in malware," in In Proceedings of the Symposium on Network and Distributed System Security (NDSS), San Diego, CA, Mar. 2010.