Title
Mystique: Evolving Android Malware for Auditing Anti-Malware Tools.
Abstract
In the arms race between attackers and defenders, defense is usually more challenging than attack due to unpredicted vulnerabilities and newly emerging attacks every day. Currently, most existing malware detection solutions are individually proposed to address certain types of attacks or certain evasion techniques. Thus, it is desirable to conduct a systematic investigation and evaluation of anti-malware solutions and tools based on different attacks and evasion techniques. In this paper, we first propose a meta model for Android malware to capture the common attack features and evasion features in the malware. Based on this model, we develop a framework, MYSTIQUE, to automatically generate malware covering four attack features and two evasion features, by adopting the software product line engineering approach. With the help of MYSTIQUE, we conduct experiments to 1) understand Android malware and the associated attack features as well as evasion techniques; and 2) evaluate and compare 57 off-the-shelf anti-malware tools, 9 academic solutions and 4 App market vetting processes in terms of accuracy in detecting attack features and capability in addressing evasion. Last but not least, we provide a benchmark of Android malware with proper labeling of the contained attack and evasion features.
Year: 2016
DOI: 10.1145/2897845.2897856
Venue: AsiaCCS
Keywords: Android Feature Model, Defense Capability, Malware Generation, Evolutionary Algorithm
Field: Vetting, Cryptovirology, World Wide Web, Internet privacy, Audit, Evolutionary algorithm, Computer science, Computer security, Android malware, Software product line, Malware, Metamodeling
DocType: Conference
Citations: 16
PageRank: 0.59
References: 45
Authors: 7
Name | Order | Citations | PageRank
Guozhu Meng | 1 | 27 | 3.41
Yinxing Xue | 2 | 268 | 22.91
Mahinthan Chandramohan | 3 | 222 | 11.67
Annamalai Narayanan | 4 | 76 | 5.12
Yang Liu | 5 | 2194 | 188.81
Jie Zhang | 6 | 1995 | 156.26
Tieming Chen | 7 | 29 | 5.11