
Obfuscation techniques against signature-based detection: a case study by Gerardo Canfora, Andrea Di Sorbo, Francesco Mercaldo, Corrado Aaron Visaggio

Posted 24 May 2016, 02:07 by Gerardo Canfora
Android malware is growing steadily in complexity. To evade signature-based detection, the technique most widely adopted by current antimalware vendors, malware writers have begun to deploy malware that can change its code as it propagates. In this paper, our aim is to evaluate the robustness of Android antimalware tools when various evasion techniques are used to obfuscate malicious payloads. To support this assessment we built a tool that applies a number of common transformations to the code of malware applications, and applied these transformations to about 5000 malware apps. Our results demonstrate that, after the code transformations, the malware is not detected by a large set of antimalware tools, even though the same malware was correctly identified by most antimalware tools before the transformations were applied. These outcomes suggest that malware detection methods must be quickly redesigned to protect smart devices successfully.
Mobile System Technologies Workshop (MST-2015)
