Open Access Journal

ISSN : 2394-2320 (Online)

International Journal of Engineering Research in Computer Science and Engineering (IJERCSE)

Monthly Journal for Computer Science and Engineering


Preventing Obfuscated Malware via Differential Fault Analysis

Authors: Shubhangi D.C.¹, Amena Roohi²

Date of Publication: 16th August 2017

Abstract: The rapid growth of smartphone sales has come hand in hand with a similar increase in the number and sophistication of malicious software targeting these platforms. Malware analysis is a thriving research area with a substantial number of still unsolved problems. A major source of security problems is precisely the ability to install third-party applications from available online markets. In the case of smartphones, the impressive growth both in malware and in benign apps is making any human-driven analysis of potentially dangerous apps increasingly unaffordable. Malware samples commonly hide and obfuscate modules containing malicious functionality in places that static analysis tools overlook. ALTERDROID is an open-source tool for detecting, through reverse engineering, obfuscated functionality in components distributed as parts of an app package. Such components are often part of a malicious app and are hidden outside its main code components, since code components may be subject to static analysis by market operators. The key idea in ALTERDROID consists of analysing the behavioural differences between the original app and an altered version into which a number of modifications have been injected. The malware applications are shown on the screen, and the user can then uninstall the malicious application. The experimental results obtained by testing ALTERDROID over relevant apps and malware samples support the quality and viability of our proposal.
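A constructed illustration of the differential idea stated above (added here; it is not ALTERDROID's code): a toy app package whose simulated execution is traced once unmodified and once per fault-injected non-code component, so that a resource whose alteration changes the trace stands out as carrying hidden functionality. The package layout, the `DEX!` marker and the API names are all assumptions made for the example.

```python
from typing import Dict, List

# Constructed sample package: a code component plus two resources. The image
# hides a payload (marked by a hypothetical "DEX!" prefix) that the code loads.
SAMPLE_PACKAGE: Dict[str, bytes] = {
    "classes.dex": b"\x64\x65\x78\x0a",          # constructed, not a real dex
    "assets/logo.png": b"DEX!\x00\x01\x02\x03",  # hidden code disguised as an image
    "assets/sound.mp3": b"ID3\x03\x00\x00",      # benign resource
}


def run_app(components: Dict[str, bytes]) -> List[str]:
    """Simulated execution of the app: returns the trace of API calls observed."""
    trace = ["loadMainDex", "showUI"]
    # Hypothetical hidden behaviour: the main code reads the logo resource and,
    # if it carries the marker, loads it as code and sends an SMS. A benign
    # image never affects the trace.
    payload = components.get("assets/logo.png", b"")
    if payload.startswith(b"DEX!"):
        trace += ["DexClassLoader.load", "sendTextMessage"]
    return trace


def inject_fault(components: Dict[str, bytes], name: str) -> Dict[str, bytes]:
    """Return a copy of the package in which component `name` has every byte flipped."""
    altered = dict(components)
    altered[name] = bytes(b ^ 0xFF for b in components[name])
    return altered


def differential_analysis(components: Dict[str, bytes]) -> Dict[str, Dict[str, List[str]]]:
    """Fault each non-code component in turn and report those whose alteration
    changes the observed behaviour relative to the unmodified app."""
    baseline = run_app(components)
    suspicious: Dict[str, Dict[str, List[str]]] = {}
    for name in components:
        if name.endswith(".dex"):
            continue  # code components are what static analysis already inspects
        trace = run_app(inject_fault(components, name))
        removed = [call for call in baseline if call not in trace]
        added = [call for call in trace if call not in baseline]
        if removed or added:
            suspicious[name] = {"removed": removed, "added": added}
    return suspicious


if __name__ == "__main__":
    for name, diff in differential_analysis(SAMPLE_PACKAGE).items():
        print(f"{name}: behaviour changed when faulted -> {diff}")
```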

