PANDORA applies non-deterministic obfuscation randomly to Android

Android, a Linux-based operating system, is currently the most popular platform for mobile devices like smart-phones and tablets. Recently, two closely related security threats have become a major concern of the research community: software piracy and malware. This paper studies the capabilities of...

Full description

Saved in:
Bibliographic Details
Published in2013 8th International Conference on Malicious and Unwanted Software: "The Americas" (MALWARE) pp. 59 - 67
Main Authors Protsenko, Mykola, Muller, Tilo
Format Conference Proceeding
LanguageEnglish
Published IEEE 01.10.2013
Subjects
Androids
Arrays
Encryption
Humanoid robots
Malware
Smart phones
Software
Online AccessGet full text

Cover

More Information
Summary:Android, a Linux-based operating system, is currently the most popular platform for mobile devices like smart-phones and tablets. Recently, two closely related security threats have become a major concern of the research community: software piracy and malware. This paper studies the capabilities of code obfuscation for the purposes of plagiarized software and malware diversification. Within the scope of this work, the PANDORA (PANDORA Applies Non-Deterministic Obfuscation Randomly to Android) transformation system for Android bytecode was designed and implemented, combining techniques for data and object-oriented design obfuscation. Our evaluation results indicate deficiencies of the malware detection engines currently used in 46 popular antivirus products, which in most cases were not able to detect samples obfuscated with PANDORA. Furthermore, this paper reveals shortcomings of the Androsim tool and potentially other static software similarity algorithms, recently proposed to address the piracy problem in Android.
ISBN:9781479925346
1479925349
DOI:10.1109/MALWARE.2013.6703686