Detection of metamorphic malicious mobile code on android-based smartphones
Pages 56 - 75
Abstract
By repackaging malicious code into reverse-compiled legitimate mobile code, malware authors can bypass the detection step of existing mobile vaccine software, inserting AES-encrypted root exploits to dynamically load a payload from a malicious remote server. In this case, the malicious code constantly changes to evade detection: it continues to evolve as metamorphic code, adding new propagation vectors, functionality, and stealth techniques to hide its presence and evade detection by antivirus software. These metamorphic features aim to change the form of each instance of the malware by using encryption or by appending or prepending dummy code to the internal code of mobile apps. Therefore, we propose a new system to determine and detect metamorphic malicious mobile code by extracting dynamic features activated on the Android platform using an extended dynamic analysis technique.
Publisher
Inderscience Publishers
Geneva 15, Switzerland
Publication History
Published: 01 January 2017
Qualifiers
- Article