Abstract
With the rapid increase in Android device popularity, an arms race is evolving between malware writers and AntiVirus Detectors (AVDs) on the popular mobile system. In its latest comparison of AVDs, the independent test lab AV-TEST reported that AVDs have a malware recognition rate of around 95%. However, because mobile systems are specially designed, we consider that the power of AVDs should also be evaluated based on their runtime malware detection capabilities. In this work, we performed a comprehensive study of ten popular Android AVDs to evaluate the effectiveness of their scanning operations. During our analysis, we identified design dilemmas related to two types of malware scanning operations, namely local malware scan and cloud-based malware scan. Our work opens a new research direction in designing more effective and efficient malware scan mechanisms for current antivirus software on mobile devices.
Copyright information
© 2015 Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Huang, H., Chen, K., Liu, P., Zhu, S., Wu, D. (2015). Uncovering the Dilemmas on Antivirus Software Design in Modern Mobile Platforms. In: Tian, J., Jing, J., Srivatsa, M. (eds) International Conference on Security and Privacy in Communication Networks. SecureComm 2014. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 153. Springer, Cham. https://doi.org/10.1007/978-3-319-23802-9_27
DOI: https://doi.org/10.1007/978-3-319-23802-9_27
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-23801-2
Online ISBN: 978-3-319-23802-9
eBook Packages: Computer Science (R0)