ADAM: an automatic and extensible platform to stress test android anti-virus systems

Authors:
Min Zheng;Patrick P. C. Lee;John C. S. Lui
Affiliations:
Dept of Computer Science and Engineering, The Chinese University of Hong Kong, Hong Kong;Dept of Computer Science and Engineering, The Chinese University of Hong Kong, Hong Kong;Dept of Computer Science and Engineering, The Chinese University of Hong Kong, Hong Kong
Venue:
DIMVA'12 Proceedings of the 9th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Year:
2012

Citing 20
Cited 6

Testing malware detectors

ISSTA '04 Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis
Mobile Phones as Computing Devices: The Viruses are Coming!

IEEE Pervasive Computing
Semantics-Aware Malware Detection

SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
SmartSiren: virus detection and alert for smartphones

Proceedings of the 5th international conference on Mobile systems, applications and services
Static analysis of executables to detect malicious patterns

SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Behavioral detection of malware on mobile handsets

Proceedings of the 6th international conference on Mobile systems, applications, and services
CloudAV: N-version antivirus in the network cloud

SS'08 Proceedings of the 17th conference on Security symposium
Making sense of anti-malware comparative testing

Information Security Tech. Report
Designing System-Level Defenses against Cellphone Malware

SRDS '09 Proceedings of the 2009 28th IEEE International Symposium on Reliable Distributed Systems
VirusMeter: Preventing Your Cellphone from Spies

RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Static analysis of executables for collaborative malware detection on android

ICC'09 Proceedings of the 2009 IEEE international conference on Communications
Classification of malware using structured control flow

AusPDC '10 Proceedings of the Eighth Australasian Symposium on Parallel and Distributed Computing - Volume 107
Paranoid Android: versatile protection for smartphones

Proceedings of the 26th Annual Computer Security Applications Conference
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones

OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
A study of android application security

SEC'11 Proceedings of the 20th USENIX conference on Security
A survey of mobile malware in the wild

Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
Crowdroid: behavior-based malware detection system for Android

Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
Android permissions demystified

Proceedings of the 18th ACM conference on Computer and communications security
These aren't the droids you're looking for: retrofitting android to protect data from imperious applications

Proceedings of the 18th ACM conference on Computer and communications security
"Andromaly": a behavioral malware detection framework for android devices

Journal of Intelligent Information Systems

MAST: triage for market-scale mobile malware analysis

Proceedings of the sixth ACM conference on Security and privacy in wireless and mobile networks
AppInk: watermarking android apps for repackaging deterrence

Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
DroidChameleon: evaluating Android anti-malware against transformation attacks

Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
AndroTotal: a flexible, scalable toolbox and service for testing mobile malware detectors

Proceedings of the Third ACM workshop on Security and privacy in smartphones & mobile devices
AndroSimilar: robust statistical feature signature for Android malware detection

Proceedings of the 6th International Conference on Security of Information and Networks
DIVILAR: diversifying intermediate language for anti-repackaging on android platform

Proceedings of the 4th ACM conference on Data and application security and privacy

Quantified Score

Hi-index	0.00

Visualization

Abstract

With the rising threat of smartphone malware, both academic community and commercial anti-virus companies proposed many methodologies and products to defend against smartphone malware. Thus, how to assess the effectiveness of these defense mechanisms against existing and unknown malware becomes important. We propose ADAM, an automated and extensible system that can evaluate, via large-scale stress tests, the effectiveness of anti-virus systems against a variety of malware samples for the Android platform. Specifically, ADAM can automatically transform an original malware sample to different variants via repackaging and obfuscation techniques in order to evaluate the robustness of different anti-virus systems against malware mutation. The transformation and evaluation processes of ADAM are fully automatic, generic, and extensible for different types of malware, anti-virus systems, and malware transformation techniques. We demonstrate the efficacy of ADAM using 222 Android malware samples that we collected in the wild. Using ADAM, we generate different variants based on our collected malware samples, and evaluate the detection of these variants against commercial anti-virus systems.