S. Kim, Hyung-Woo Lee, Jae-Deok Lim, Jeongnyeo Kim
{"title":"基于android智能手机的变形恶意移动代码检测","authors":"S. Kim, Hyung-Woo Lee, Jae-Deok Lim, Jeongnyeo Kim","doi":"10.1504/IJAMC.2017.10004905","DOIUrl":null,"url":null,"abstract":"By repackaging a malicious code into reverse compiled legitimate mobile code, malware authors can bypass detection step on existing mobile vaccine software using inserting AES-encrypted root exploits to loading some payload from a malicious remote server dynamically. In this case, malicious codes are constantly changing to evade detection steps by continuing its evolution by operating a metamorphic code by adding new propagation vectors, functionality, and stealth techniques to hide its presence and evade the detection of antivirus software. Those metamorphic features are aimed at changing the form of each instance of the malware by using encryption or appended/pre-pended dummy code into internal code of mobile apps. Therefore, we propose a new system to determine and detect metamorphic malicious mobile code by extracting dynamic features activated from Android platform using extended dynamic analysis technique.","PeriodicalId":134413,"journal":{"name":"Int. J. Adv. Media Commun.","volume":"28 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-05-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Detection of metamorphic malicious mobile code on android-based smartphones\",\"authors\":\"S. Kim, Hyung-Woo Lee, Jae-Deok Lim, Jeongnyeo Kim\",\"doi\":\"10.1504/IJAMC.2017.10004905\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"By repackaging a malicious code into reverse compiled legitimate mobile code, malware authors can bypass detection step on existing mobile vaccine software using inserting AES-encrypted root exploits to loading some payload from a malicious remote server dynamically. In this case, malicious codes are constantly changing to evade detection steps by continuing its evolution by operating a metamorphic code by adding new propagation vectors, functionality, and stealth techniques to hide its presence and evade the detection of antivirus software. Those metamorphic features are aimed at changing the form of each instance of the malware by using encryption or appended/pre-pended dummy code into internal code of mobile apps. Therefore, we propose a new system to determine and detect metamorphic malicious mobile code by extracting dynamic features activated from Android platform using extended dynamic analysis technique.\",\"PeriodicalId\":134413,\"journal\":{\"name\":\"Int. J. Adv. Media Commun.\",\"volume\":\"28 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-05-11\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Int. J. Adv. Media Commun.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1504/IJAMC.2017.10004905\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Int. J. Adv. Media Commun.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1504/IJAMC.2017.10004905","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Detection of metamorphic malicious mobile code on android-based smartphones
By repackaging a malicious code into reverse compiled legitimate mobile code, malware authors can bypass detection step on existing mobile vaccine software using inserting AES-encrypted root exploits to loading some payload from a malicious remote server dynamically. In this case, malicious codes are constantly changing to evade detection steps by continuing its evolution by operating a metamorphic code by adding new propagation vectors, functionality, and stealth techniques to hide its presence and evade the detection of antivirus software. Those metamorphic features are aimed at changing the form of each instance of the malware by using encryption or appended/pre-pended dummy code into internal code of mobile apps. Therefore, we propose a new system to determine and detect metamorphic malicious mobile code by extracting dynamic features activated from Android platform using extended dynamic analysis technique.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
