Inferring the Detection Logic and Evaluating the Effectiveness of Android Anti-Virus Apps

Zhenquan Cai, R. Yap
DOI: 10.1145/2857705.2857719 (https://doi.org/10.1145/2857705.2857719)
Venue: Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy
Publication date: 2016-03-09
Citations: 13
Record source: Semantic Scholar

Abstract

Inferring the Detection Logic and Evaluating the Effectiveness of Android Anti-Virus Apps
Malware on Android has been reported to be on the rise. There are many anti-virus (AV) apps available on Android. However, most AVs are presented as black-boxes without details given about their workings. In this paper, we propose to determine the key elements used by the AVs, which we call inferring the AV detection logic, through a black-box testing methodology. We perform a large-scale experiment on 57 Android AVs using 2000 malware variants to evaluate whether the detection logic can be found and whether the AVs can detect the malware. Our experiments show that a majority of AVs detect malware using simple static features. Such features can be easily obfuscated by renaming or encrypting strings and data, which can make it easy to evade some AVs. We also observe trends showing that AVs use common features to detect malware across all families.