Catch Me If You Can Evaluating Android Anti-Malware against Transformation Attacks

Catch Me If You Can: Evaluating Android Anti-Malware against   Transformation Attacks

Mobile malware threats (e.g., on Android) have recently become a real concern. In this paper, weevaluate the state-of-the-art commercial mobile anti-malware products for Android and test how resistant they are against various common obfuscation techniques (even with known malware). Such an evaluation is important for not only measuring the available defense against mobile malware threats, but also proposing effective, next-generation solutions. We developed DroidChameleon, a systematic framework with various transformation techniques, and used it for our study. Our results on 10 popular commercial anti-malware applications for Android are worrisome: none of these tools is resistantagainst common malware transformation techniques. In addition, a majority of them can be trivially defeated by applying slight transformation over known malware with little effort for malware authors. Finally, in light of our results, we propose possible remedies for improving the current state of malwaredetection on mobile devices.

Comments are closed.