Uncovering the Dilemmas on Antivirus Software Design in Modern Mobile Platforms

  • Conference paper
International Conference on Security and Privacy in Communication Networks (SecureComm 2014)

Abstract

With the rapid increase in Android device popularity, a new, evolving arms race is under way between malware writers and AntiVirus Detectors (AVDs) on this popular mobile system. In its latest comparison of AVDs, the independent test lab AV-TEST reported that AVDs have a malware recognition rate of around 95%. However, because mobile systems are specially designed, we consider that the power of AVDs should also be evaluated based on their runtime malware detection capabilities. In this work, we performed a comprehensive study of ten popular Android AVDs to evaluate the effectiveness of their scanning operations. During our analysis, we identified design dilemmas related to two types of malware scanning operations, namely local malware scan and cloud-based malware scan. Our work opens a new research direction in designing more effective and efficient malware scan mechanisms for current antivirus software on mobile devices.

Corresponding author

Correspondence to Heqing Huang.

Copyright information

© 2015 Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Huang, H., Chen, K., Liu, P., Zhu, S., Wu, D. (2015). Uncovering the Dilemmas on Antivirus Software Design in Modern Mobile Platforms. In: Tian, J., Jing, J., Srivatsa, M. (eds) International Conference on Security and Privacy in Communication Networks. SecureComm 2014. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 153. Springer, Cham. https://doi.org/10.1007/978-3-319-23802-9_27

  • DOI: https://doi.org/10.1007/978-3-319-23802-9_27

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-23801-2

  • Online ISBN: 978-3-319-23802-9

  • eBook Packages: Computer Science (R0)
