ADAM: An Automatic and Extensible Platform to Stress Test Android Anti-virus Systems

  • Conference paper
Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA 2012)

Abstract

With the rising threat of smartphone malware, both the academic community and commercial anti-virus companies have proposed many methodologies and products to defend against it. Assessing the effectiveness of these defense mechanisms against existing and unknown malware has therefore become important. We propose ADAM, an automated and extensible system that can evaluate, via large-scale stress tests, the effectiveness of anti-virus systems against a variety of malware samples for the Android platform. Specifically, ADAM can automatically transform an original malware sample into different variants via repackaging and obfuscation techniques in order to evaluate the robustness of different anti-virus systems against malware mutation. The transformation and evaluation processes of ADAM are fully automatic, generic, and extensible for different types of malware, anti-virus systems, and malware transformation techniques. We demonstrate the efficacy of ADAM using 222 Android malware samples that we collected in the wild. Using ADAM, we generate different variants based on our collected malware samples, and evaluate how well commercial anti-virus systems detect these variants.

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Zheng, M., Lee, P.P.C., Lui, J.C.S. (2013). ADAM: An Automatic and Extensible Platform to Stress Test Android Anti-virus Systems. In: Flegel, U., Markatos, E., Robertson, W. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2012. Lecture Notes in Computer Science, vol 7591. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-37300-8_5

  • DOI: https://doi.org/10.1007/978-3-642-37300-8_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-37299-5

  • Online ISBN: 978-3-642-37300-8

  • eBook Packages: Computer Science, Computer Science (R0)
