http://dx.doi.org/10.7236/IJASC.2022.11.3.23

Investigation of the SPRT-Based Android Evasive Malware  

Ho, Jun-Won (Department of Information Security, Seoul Women's University)
Publication Information
International journal of advanced smart convergence / v.11, no.3, 2022, pp. 23-27
Abstract
In this paper, we explore a new type of Android evasive malware based on the Sequential Probability Ratio Test (SPRT) that does not perform its malicious task when it discerns that the dynamic analyzer is an input generator. More specifically, this new type of Android evasive malware leverages the intuition that a dynamic analyzer provides as many inputs as possible within a certain amount of time to the Android apps being tested, while human users generally provide the necessary inputs to the Android apps they use. Under this intuition, it harnesses the SPRT to discern whether or not a dynamic analyzer is running in the Android system: a number of inputs per time slot exceeding a preset threshold is regarded as evidence that the inputs are provided by a dynamic analyzer, which expedites the SPRT's decision that a dynamic analyzer is operating in the Android system, in which case the evasive malware does not carry out its malicious task.
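The test described in the abstract, as an added example that is not code from the paper: a Wald SPRT over per-slot input counts, which an analyst can run against a recorded trace from their own dynamic-analysis input generator to see how many time slots its pacing needs before it is classified as automated. The threshold, `p0`, `p1`, `alpha`, `beta` and the sample traces are assumptions constructed for illustration; the abstract gives no parameter values.

```python
import math

def sprt_input_source(counts_per_slot, threshold, p0=0.1, p1=0.9,
                      alpha=0.01, beta=0.01):
    """Wald SPRT on Bernoulli samples: 1 if a slot's input count exceeds
    `threshold`, else 0.
    H0: inputs come from a human    (P[slot exceeds threshold] = p0)
    H1: inputs come from a generator (P[slot exceeds threshold] = p1)
    alpha/beta are the tolerated false-positive/false-negative rates.
    All parameter defaults are assumed values, not taken from the paper.
    Returns (decision, slots_used)."""
    if not (0 < p0 < p1 < 1):
        raise ValueError("need 0 < p0 < p1 < 1")
    upper = math.log((1 - beta) / alpha)    # accept H1 at or above this
    lower = math.log(beta / (1 - alpha))    # accept H0 at or below this
    step_hit = math.log(p1 / p0)            # LLR change for an exceeding slot
    step_miss = math.log((1 - p1) / (1 - p0))  # LLR change otherwise
    llr = 0.0
    for n, count in enumerate(counts_per_slot, start=1):
        llr += step_hit if count > threshold else step_miss
        if llr >= upper:
            return "generator", n
        if llr <= lower:
            return "human", n
    return "undecided", len(counts_per_slot)

# Constructed traces: number of UI inputs observed in each time slot.
FAST_GENERATOR = [48, 52, 50, 47]           # saturating input generator
HUMAN_LIKE = [2, 0, 3, 1]                   # sparse, human-paced inputs
PACED_GENERATOR = [12, 3, 11, 2, 4, 1, 3]   # generator with throttled bursts
THRESHOLD = 10                              # assumed per-slot threshold

if __name__ == "__main__":
    for name, trace in [("fast", FAST_GENERATOR), ("human", HUMAN_LIKE),
                        ("paced", PACED_GENERATOR)]:
        print(name, sprt_input_source(trace, THRESHOLD))
```

Slots that stay under the threshold pull the log-likelihood ratio back toward the human hypothesis, which is why the throttled trace is not classified as a generator despite its early bursts.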
Keywords
Dynamic Analysis; Sequential Probability Ratio Test (SPRT); Android;
Citations & Related Records
Times Cited By KSCI: 1