ALTERDROID: Differential Fault Analysis of Obfuscated Smartphone Malware
ABSTRACT:
Malware for smartphones has rocketed over the last few
years. Market operators face the challenge of keeping their stores free from
malicious apps, a task that has become increasingly complex as malware
developers are progressively using advanced techniques to defeat malware detection
tools. One such technique commonly observed in recent malware samples consists
of hiding and obfuscating modules containing malicious functionality in places
that static analysis tools overlook (e.g., within data objects). In this paper,
we describe ALTERDROID, a dynamic analysis approach for detecting such hidden
or obfuscated malware components distributed as parts of an app package. The
key idea in ALTERDROID consists of analyzing the behavioral differences between
the original app and a number of automatically generated versions of it, where
a number of modifications (faults) have been carefully injected. Observable
differences in terms of activities that appear or vanish in the modified app
are recorded, and the resulting differential signature is analyzed through a
pattern-matching process driven by rules that relate different types of hidden
functionalities with patterns found in the signature. A thorough justification
and a description of the proposed model are provided. The extensive experimental
results obtained by testing ALTERDROID over relevant apps and malware samples
support the quality and viability of our proposal.
EXISTING SYSTEM:
Smartphone malware has become a rather profitable
business due to the existence of a large number of potential targets and the
availability of reuse-oriented malware development methodologies that make
it exceedingly easy to produce new samples. Smartphone
malware is becoming increasingly stealthy, and recent specimens are relying on
advanced code obfuscation techniques to evade detection by security analysts.
More sophisticated obfuscation
techniques, particularly in code, are starting to materialize (e.g.,
stegomalware). These techniques and trends create an additional obstacle for
malware analysts, who see their task further complicated and ultimately have to
rely on carefully controlled dynamic analysis techniques to detect the presence
of potentially dangerous pieces of code.
DISADVANTAGES OF EXISTING SYSTEM:
Obfuscation-resilient detection is based on
semantics rather than syntax.
PROPOSED SYSTEM:
In this paper we describe ALTERDROID, a tool for
detecting, through reverse engineering, obfuscated functionality in components
distributed as parts of an app package. Such components are often part of a
malicious app and are hidden outside its main code components (e.g. within data
objects), as code components may be subject to static analysis by market
operators. The key idea in ALTERDROID consists of analyzing the behavioral
differences between the original app and an altered version where a number of
modifications (faults) have been carefully introduced. Such modifications are
designed to have no observable effect on the app execution, provided that the
altered component is actually what it should be (i.e., it does not hide any
unwanted functionality). For example, replacing the value of some pixels in a
picture or a few characters in a string encoding an error message should not
affect the execution. However, if after doing so it is observed that a dynamic
class loading action crashes or a network connection does not take place, it
may well be that the picture was actually a piece of code or the string a
network address or a URL.
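The comparison described above, as an added sketch that is not ALTERDROID's own code: it derives a differential signature (activities that vanish or appear after a fault) from two sandbox traces and matches it against rules. The activity labels, file names, traces and rule set are all constructed assumptions.

```python
from collections import Counter

# Constructed sandbox traces as (activity, detail) pairs. The activity labels
# and file names are hypothetical, not ALTERDROID's own vocabulary.
ORIGINAL = [("file_read", "assets/logo.png"), ("dex_load", "cache/a.dex"),
            ("net_open", "update.example.test"), ("ui_draw", "MainActivity")]
# Run after altering a few pixels of assets/logo.png.
FAULT_IMAGE = [("file_read", "assets/logo.png"), ("crash", "dex_load"),
               ("ui_draw", "MainActivity")]
# Run after altering a few characters of an error-message string.
FAULT_STRING = [("file_read", "assets/logo.png"), ("dex_load", "cache/a.dex"),
                ("ui_draw", "MainActivity")]

# Rule: (kind of altered component, activities that must vanish,
#        activities that must appear, verdict). Assumed rule set.
RULES = [
    ("image", {"dex_load"}, {"crash"}, "hidden_code"),
    ("string", {"net_open"}, set(), "hidden_url"),
]


def differential_signature(original, faulty):
    """Return (vanished, appeared): activity counts lost and gained by the fault."""
    before = Counter(activity for activity, _ in original)
    after = Counter(activity for activity, _ in faulty)
    return before - after, after - before


def analyze(component_kind, original, faulty):
    """Match the differential signature of one injected fault against RULES."""
    vanished, appeared = differential_signature(original, faulty)
    if not vanished and not appeared:
        return ["consistent"]  # the fault had no observable effect
    verdicts = [verdict for kind, gone, new, verdict in RULES
                if kind == component_kind
                and gone <= set(vanished) and new <= set(appeared)]
    return verdicts or ["unexplained"]


if __name__ == "__main__":
    for kind, trace in [("image", FAULT_IMAGE), ("string", FAULT_STRING),
                        ("image", ORIGINAL)]:
        print(kind, analyze(kind, ORIGINAL, trace))
```

A difference that no rule covers is reported as "unexplained" rather than dropped, so an analyst can still review it.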
ADVANTAGES OF PROPOSED SYSTEM:
1. ALTERDROID is designed and built to allow ease of tailoring and flexibility in
functionality.
2. We provide simple yet powerful enough models for fault injection operators, behavioral
signatures and rule-based analysis of differential behavior.
SYSTEM ARCHITECTURE:
SYSTEM REQUIREMENTS:
HARDWARE REQUIREMENTS:
- System : Pentium IV 2.4 GHz.
- Hard Disk : 40 GB.
- Floppy Drive : 1.44 Mb.
- Monitor : 15 VGA Colour.
- Mouse : Logitech.
- RAM : 512 Mb.
- Mobile : Android
SOFTWARE REQUIREMENTS:
- Operating system : Windows 7.
- Coding Language : Java 1.7
- Tool Kit : Android 2.3 and above
- IDE : Eclipse
REFERENCE:
Guillermo Suarez-Tangil, Juan E. Tapiador, Flavio
Lombardi, Roberto Di Pietro, “ALTERDROID: Differential Fault Analysis of Obfuscated
Smartphone Malware”, IEEE TRANSACTIONS ON MOBILE COMPUTING 2015.