Abstract
The number of mobile devices has increased dramatically in the past few years. These smart devices provide many useful functionalities accessible from anywhere at any time, such as reading and writing e-mails, surfing the Internet, showing facilities nearby, and the like. Hence, they have become an inevitable part of our daily lives. However, the popularity and adoption of mobile devices also attract virus writers who aim to harm our devices. Many security companies have therefore already proposed new solutions to protect our mobile devices from such malicious attempts. However, developing methodologies that detect unknown malware is a research challenge, especially on devices with limited resources. This study presents a method that automatically evolves variants of malware from those in the wild by using genetic programming (GP). We aim to evaluate the efficacy of current anti-virus products on the market that use static analysis techniques. The experimental results show the weaknesses of the static analysis tools available on the market, and the need for new detection techniques suitable for mobile devices.
Acknowledgement
This study is supported by the Scientific and Technological Research Council of Turkey (TUBITAK-112E354). We would like to thank TUBITAK for its support.
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Aydogan, E., Sen, S. (2015). Automatic Generation of Mobile Malwares Using Genetic Programming. In: Mora, A., Squillero, G. (eds) Applications of Evolutionary Computation. EvoApplications 2015. Lecture Notes in Computer Science(), vol 9028. Springer, Cham. https://doi.org/10.1007/978-3-319-16549-3_60
DOI: https://doi.org/10.1007/978-3-319-16549-3_60
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-16548-6
Online ISBN: 978-3-319-16549-3
eBook Packages: Computer Science, Computer Science (R0)