Title
Testing android malware detectors against code obfuscation: a systematization of knowledge and unified methodology.
Abstract
The authors of mobile-malware have started to leverage program protection techniques to circumvent anti-viruses, or simply hinder reverse engineering. In response to the diffusion of anti-virus applications, several researchers have proposed a plethora of analyses and approaches to highlight their limitations when malware authors employ program-protection techniques. An important contribution of this work is a systematization of the state of the art of anti-virus apps, comparing the existing approaches and providing a detailed analysis of their pros and cons. As a result of our systematization, we notice the lack of openness and reproducibility that, in our opinion, are crucial for any analysis methodology. Following this observation, the second contribution of this work is an open, reproducible, rigorous methodology to assess the effectiveness of mobile anti-virus tools against code-transformation attacks. Our unified workflow, released in the form of an open-source prototype, comprises a comprehensive set of obfuscation operators. It is intended to be used by anti-virus developers and vendors to test the resilience of their products against a large dataset of malware samples and obfuscations, and to obtain insights on how to improve their products with respect to particular classes of code-transformation attacks.
Year
2017
DOI
10.1007/s11416-016-0282-2
Venue
J. Computer Virology and Hacking Techniques
Keywords
Android malware detection, Code obfuscation
Field
Psychological resilience, Software engineering, Computer security, Computer science, Reverse engineering, Android malware, Notice, Obfuscation (software), Malware, Obfuscation, Workflow
DocType
Journal
Volume
13
Issue
3
ISSN
2263-8733
Citations
5
PageRank
0.45
References
10
Authors
2
Name
Order
Citations
PageRank
Mila Dalla Preda120819.18
Federico Maggi252437.68