International journal of advanced smart convergence

The Institute of Internet, Broadcasting and Communication (한국인터넷방송통신학회)
권호 표지
DOI QR코드

DOI QR Code

Simulated Dynamic C&C Server Based Activated Evidence Aggregation of Evasive Server-Side Polymorphic Mobile Malware on Android

  • Received : 2017.01.20
  • Accepted : 2017.02.28
  • Published : 2017.03.31
Download PDF
⟨ Previous Next ⟩

Abstract

Diverse types of malicious code such as evasive Server-side Polymorphic are developed and distributed in third party open markets. The suspicious new type of polymorphic malware has the ability to actively change and morph its internal data dynamically. As a result, it is very hard to detect this type of suspicious transaction as an evidence of Server-side polymorphic mobile malware because its C&C server was shut downed or an IP address of remote controlling C&C server was changed irregularly. Therefore, we implemented Simulated C&C Server to aggregate activated events perfectly from various Server-side polymorphic mobile malware. Using proposed Simulated C&C Server, we can proof completely and classify veiled server-side polymorphic malicious code more clearly.

Keywords

References

  1. Shaun Nichols, Polymorphic malware on the rise, says Sophos, December 2012, http://www.v3.co.uk/v3-uk/news/2229214/polymorphic-malware-on-the-rise-says-sophos/.
  2. LAVASOFT, "Detecting Polymorphic Malware," http://www.lavasoft.com/mylavasoft/securitycenter/whitepapers/detecting-polymorphic-malware/.
  3. Ryan Sherstobitoff, "Server-Side Polymorphism: Crime-Ware as a Service Model (CaaS)," ISSA Journal, 2008.
  4. Vaibhav Rasgtogi, Yan Chen and Xuxian Jiang, "Catch Me if You Can: Evaluating Android Anti-malware against Transformation Attacks," IEEE Transactions on Information Forensics and Security, Vol.9, No.1 (2014), 99-108. https://doi.org/10.1109/TIFS.2013.2290431
  5. Mohd Zaki Mas'ud, Shahrin Sahib, Mohd Faizal Abdollah, Siti Rahayu Selamat and Robiah Yusof, "Android Malware Detection System Classification," Research Journal of Information Technology, Vol.6 No.4 (2014) pp.325-341. https://doi.org/10.3923/rjit.2014.325.341
  6. Y. Zhou, and X. Jiang, "Dissecting android malware: Characterization and evolution," Proc. of the IEEE Symposium on Security and Privacy, San Francisco, California (2012), 95-109.
  7. Michael Spreitzenbarth, Felix Freiling, "Android Malware on the Rise," University of Erlangen, Dept. of Computer Science, Technical Reports, CS-2012-04, April 2012.
  8. Shaerpour, K., A. Dehghantanha and R. Mahmod, "Trends in android malware detection," Journal of Digital Forensics, Security and Law, Vol.8, No.3 (2013), 21-40.
  9. Xuxian Jiang, Yajin Zhou, Android Malware, Springer, NY, USA (2013).
  10. Han Seong Lee, Hyung-Woo Lee, "Implementation of Polymorphic Malware DB based Dynamic Analysis System for Android Mobile Applications," IJCC 2015, AACL 04 (2015), 170-173.
  11. Han Seong Lee, Hyung-Woo Lee, "Fake C&C Server based Server-Side Polymorphic Malicious Mobile Code Detection and Evidence Aggregation on Android Platform," Information, Vol.18, No.8, (2015) 3723-3737.
  12. Symantec Security Response, "Server-side Polymorphic Android Applications," https://www.symantec.com/connect/blogs/server-side-polymorphic-android-applications.
  13. "Droidbox," https://code.google.com/p/droidbox/.
  14. "Androguard," https://code.google.com/p/androguard/.
  15. Cool tools for admins: Check out our latest top ten lost in this free digital edition!, http://www.linux-magazine.com/Issues/2013/155/Code-Analysis/.
  16. Han Seong Lee, Hyung-Woo Lee, "Dynamic Analysis System for Detecting Remote Server-Side Polymorphic Malicious Mobile Apps on Android based Smartphone," International Journal of u- and e- Service, Science and Technology, Vol.8, No.11, (2015) 295-302. https://doi.org/10.14257/ijunesst.2015.8.11.29
  17. A. Shabtai, L. Tenenboim-Chekina, D. Mimran, L. Rokach, B. Shapira, Y. Elovici, "Mobile malware detection through analysis of deviations in application network behavior," Computers & Security, Vol.43, June 2014, 1-18. https://doi.org/10.1016/j.cose.2014.02.009
  18. Han Seong Lee, Hyung-Woo Lee, "Simulated Dynamic C&C Server Based Activated Evidence Aggregation of Evasive Server-Side Polymorphic Mobile Malware on Android", Advanced and Applied Convergence, 3rd International Joint Conference (IJCC2017), pp.118-119, 2017.