PANDORA applies non-deterministic obfuscation randomly to Android

2013 8th International Conference on Malicious and Unwanted Software: "The Americas" (MALWARE) Pub Date : 2013-10-01 DOI:10.1109/MALWARE.2013.6703686

Mykola Protsenko, Tilo Müller

{"title":"PANDORA applies non-deterministic obfuscation randomly to Android","authors":"Mykola Protsenko, Tilo Müller","doi":"10.1109/MALWARE.2013.6703686","DOIUrl":null,"url":null,"abstract":"Android, a Linux-based operating system, is currently the most popular platform for mobile devices like smart-phones and tablets. Recently, two closely related security threats have become a major concern of the research community: software piracy and malware. This paper studies the capabilities of code obfuscation for the purposes of plagiarized software and malware diversification. Within the scope of this work, the PANDORA (PANDORA Applies Non-Deterministic Obfuscation Randomly to Android) transformation system for Android bytecode was designed and implemented, combining techniques for data and object-oriented design obfuscation. Our evaluation results indicate deficiencies of the malware detection engines currently used in 46 popular antivirus products, which in most cases were not able to detect samples obfuscated with PANDORA. Furthermore, this paper reveals shortcomings of the Androsim tool and potentially other static software similarity algorithms, recently proposed to address the piracy problem in Android.","PeriodicalId":325281,"journal":{"name":"2013 8th International Conference on Malicious and Unwanted Software: \"The Americas\" (MALWARE)","volume":"2015 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"26","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 8th International Conference on Malicious and Unwanted Software: \"The Americas\" (MALWARE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MALWARE.2013.6703686","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 26

Abstract

Android, a Linux-based operating system, is currently the most popular platform for mobile devices like smart-phones and tablets. Recently, two closely related security threats have become a major concern of the research community: software piracy and malware. This paper studies the capabilities of code obfuscation for the purposes of plagiarized software and malware diversification. Within the scope of this work, the PANDORA (PANDORA Applies Non-Deterministic Obfuscation Randomly to Android) transformation system for Android bytecode was designed and implemented, combining techniques for data and object-oriented design obfuscation. Our evaluation results indicate deficiencies of the malware detection engines currently used in 46 popular antivirus products, which in most cases were not able to detect samples obfuscated with PANDORA. Furthermore, this paper reveals shortcomings of the Androsim tool and potentially other static software similarity algorithms, recently proposed to address the piracy problem in Android.

查看原文本刊更多论文

PANDORA随机对Android应用非确定性混淆

Android是一个基于linux的操作系统，目前是智能手机和平板电脑等移动设备最流行的平台。最近，两种密切相关的安全威胁已经成为研究界关注的主要问题:软件盗版和恶意软件。本文研究了针对盗版软件和恶意软件多样化的代码混淆能力。在本工作范围内，结合数据和面向对象设计混淆技术，设计并实现了Android字节码的PANDORA (PANDORA applied Non-Deterministic Obfuscation random to Android)转换系统。我们的评估结果表明，目前46种流行的防病毒产品中使用的恶意软件检测引擎存在缺陷，在大多数情况下，这些引擎无法检测到被PANDORA混淆的样本。此外，本文还揭示了最近提出的用于解决Android盗版问题的Android工具和其他潜在的静态软件相似算法的缺点。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2013 8th International Conference on Malicious and Unwanted Software: "The Americas" (MALWARE)

自引率

0.00%

发文量