Composition-malware: building Android malware at run time

被引:34
作者
Canfora, Gerardo [1 ]
Mercaldo, Francesco [1 ]
Moriano, Giovanni [1 ]
Visaggio, Corrado Aaron [1 ]
机构
[1] Univ Sannio, Dept Engn, Benevento, Italy
来源
PROCEEDINGS 10TH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY AND SECURITY ARES 2015 | 2015年
关键词
security; Android; malware; virus; reflection; dynamic loading;
D O I
10.1109/ARES.2015.64
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
We present a novel model of malware for Android, named composition-malware, which consists of composing fragments of code hosted on different and scattered locations at run time. An key feature of the model is that the malicious behavior could dynamically change and the payload could be activated under logic or temporal conditions. These characteristics allow a malware written according to this model to evade current malware detection technologies for Android platform, as the evaluation has demonstrated. The aim of the paper is to propose new approaches to malware detection that should be adopted in anti-malware tools for blocking a composition-malware.
引用
收藏
页码:318 / 326
页数:9
相关论文
共 23 条
  • [1] Andrubis, MALW AN UNKN BIN
  • [2] [Anonymous], 2009, P 16 ACM C COMP COMM
  • [3] [Anonymous], 2012, P 33 IEEE S SEC PRIV
  • [4] [Anonymous], [No title captured]
  • [5] [Anonymous], P 22 USENIX C SEC
  • [6] Arabo A., 2013, P 19 INT C CONTR SYS
  • [7] Bellissimo A., 2006, P HOTSEC 06 1 USENIX
  • [8] Benton K., 2013, P PERV COMP COMM WOR
  • [9] Buchanan E., 2008, P 15 ACM C COMP COMM
  • [10] Burguera I., 2011, P ACM WORKSH SEC PRI
123