Abstract
With the rising threat of smartphone malware, both the academic community and commercial anti-virus companies have proposed many methodologies and products to defend against it. Assessing the effectiveness of these defense mechanisms against existing and unknown malware has therefore become important. We propose ADAM, an automated and extensible system that can evaluate, via large-scale stress tests, the effectiveness of anti-virus systems against a variety of malware samples for the Android platform. Specifically, ADAM can automatically transform an original malware sample into different variants via repackaging and obfuscation techniques in order to evaluate the robustness of different anti-virus systems against malware mutation. The transformation and evaluation processes of ADAM are fully automatic, generic, and extensible for different types of malware, anti-virus systems, and malware transformation techniques. We demonstrate the efficacy of ADAM using 222 Android malware samples that we collected in the wild. Using ADAM, we generate different variants based on our collected malware samples, and evaluate how well commercial anti-virus systems detect these variants.
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zheng, M., Lee, P.P.C., Lui, J.C.S. (2013). ADAM: An Automatic and Extensible Platform to Stress Test Android Anti-virus Systems. In: Flegel, U., Markatos, E., Robertson, W. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2012. Lecture Notes in Computer Science, vol 7591. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-37300-8_5
DOI: https://doi.org/10.1007/978-3-642-37300-8_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-37299-5
Online ISBN: 978-3-642-37300-8
eBook Packages: Computer Science (R0)