Visible to the public Catch Me If You Can: Evaluating Android Anti-Malware Against Transformation Attacks

TitleCatch Me If You Can: Evaluating Android Anti-Malware Against Transformation Attacks
Publication TypeJournal Article
Year of Publication2014
AuthorsRastogi, V., Yan Chen, Xuxian Jiang
JournalInformation Forensics and Security, IEEE Transactions on
Volume9
Pagination99-108
Date PublishedJan
ISSN1556-6013
Keywordsandroid, Android antimalware, Androids, anti-malware, commercial mobile antimalware products, DroidChameleon, Encryption, Humanoid robots, invasive software, Malware, malware authors, malware detection, malware transformation, mobile, Mobile communication, mobile computing, mobile devices, Mobile handsets, mobile malware threats, next-generation solutions, obfuscation techniques, operating systems (computers), transformation attacks
Abstract

Mobile malware threats (e.g., on Android) have recently become a real concern. In this paper, we evaluate the state-of-the-art commercial mobile anti-malware products for Android and test how resistant they are against various common obfuscation techniques (even with known malware). Such an evaluation is important for not only measuring the available defense against mobile malware threats, but also proposing effective, next-generation solutions. We developed DroidChameleon, a systematic framework with various transformation techniques, and used it for our study. Our results on 10 popular commercial anti-malware applications for Android are worrisome: none of these tools is resistant against common malware transformation techniques. In addition, a majority of them can be trivially defeated by applying slight transformation over known malware with little effort for malware authors. Finally, in light of our results, we propose possible remedies for improving the current state of malware detection on mobile devices.

DOI10.1109/TIFS.2013.2290431
Citation Key6661334