A Malware Evasion Technique for Auditing Android Anti-Malware Solutions

M. Fugini
2021-01-01

Abstract

In the past few years, Android security has been enhanced and state-of-the-art anti-malware tools have been introduced to counter Android malware. These tools use both static and dynamic analysis techniques to detect malicious applications. Despite this, the attack surface of Android phones has grown sharply, and malware detection tools have failed to counter sophisticated threats. There is therefore a need to audit and evaluate anti-malware tools (AMTs). In our research, we analyze various Android malware evasion techniques, along with their pros and cons. Moreover, we conduct a detailed comparison of existing anti-malware tools and measure their efficacy against the discussed evasion techniques. Finally, we propose a more sophisticated anti-malware evasion technique that combines exhaustive obfuscation with remote code execution to audit the static and dynamic detection capabilities of AMTs. The proposed technique is validated in practice, and the results show that it evades all known anti-malware solutions. Anti-malware solution providers can use this technique to make their products more resilient and robust.
2021
30th IEEE International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises, WETICE 2021
978-166542789-0
Antivirus Evasion, Android Security, Malware Analysis, Code Obfuscation, Anti-malware Tools (AMTs)
Files in this record:
File: Malware_Evasion_Technique_for_Auditing (002).pdf
Access: open access
Version: Post-print (draft or Author's Accepted Manuscript, AAM)
Size: 332.55 kB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11311/1181623
Citations
  • PMC: not available
  • Scopus: 7
  • ISI: 2