ABSTRACT
Malware for smart phones has rocketed over the last years. Market operators face the
challenge of keeping their stores free from malicious apps, a task that has
become increasingly complex as malware developers are progressively using
advanced techniques to defeat malware detection tools. One such technique
commonly observed in recent malware samples consists of hiding and obfuscating
modules containing malicious functionality in places that static analysis tools
overlook (e.g., within data objects). In this paper, we describe ALTERDROID, a
dynamic analysis approach for detecting such hidden or obfuscated malware
components distributed as parts of an app package. The key idea in ALTERDROID
consists of analyzing the behavioral differences between the original app and a
number of automatically generated versions of it, where a number of
modifications (faults) have been carefully injected. Observable differences in
terms of activities that appear or vanish in the modified app are recorded, and
the resulting differential signature is analyzed through a pattern-matching
process driven by rules that relate different types of hidden functionalities
with patterns found in the signature. A thorough justification and a
description of the proposed model are provided. The extensive experimental
results obtained by testing ALTERDROID over relevant apps and malware samples
support the quality and viability of our proposal.
AIM
The aim of this paper is to describe ALTERDROID, which analyzes the behavioral
differences between the original app and a number of automatically generated
versions of it, where a number of modifications (faults) have been carefully
injected.
SCOPE
The scope of this paper is the differential signature: observable differences
in terms of activities that appear or vanish in the modified app are recorded,
and the resulting differential signature is analyzed through a pattern-matching
process driven by rules that relate different types of hidden functionalities
with patterns found in the signature.
EXISTING SYSTEM
Smartphone malware has become a rather profitable business due to the existence of a large
number of potential targets and the availability of reuse-oriented malware
development methodologies that make it exceedingly easy to produce new samples.
Smartphone malware is becoming increasingly stealthy and recent specimens are
relying on advanced code obfuscation techniques to evade detection by security
analysts. More sophisticated obfuscation techniques, particularly in code, are
starting to materialize (e.g., stegomalware). These techniques and trends
create an additional obstacle to malware analysts, who see their task further
complicated and have to ultimately rely on carefully controlled dynamic
analysis techniques to detect the presence of potentially dangerous pieces of
code.
DISADVANTAGES
· Recent malware samples hide and obfuscate modules containing malicious
functionality in places that static analysis tools overlook.
PROPOSED SYSTEM
In this project, we present ALTERDROID, a tool for detecting, through reverse engineering,
obfuscated functionality in components distributed as parts of an app package.
Such components are often part of a malicious app and are hidden outside its
main code components (e.g. within data objects), as code components may be
subject to static analysis by market operators. The key idea in ALTERDROID
consists of analyzing the behavioral differences between the original app and
an altered version where a number of modifications (faults) have been carefully
introduced. Such modifications are designed to have no observable effect on the
app execution, provided that the altered component is actually what it should
be (i.e., it does not hide any unwanted functionality). For example, replacing
the value of some pixels in a picture or a few characters in a string encoding
an error message should not affect the execution. However, if after doing so it
is observed that a dynamic class loading action crashes or a network connection
does not take place, it may well be that the picture was actually a piece of
code or the string a network address or a URL.
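The comparison described above, as an added sketch that is not ALTERDROID's own code: it diffs the activity trace of the original app against each fault-injected variant and matches the resulting differential signature against rules. The trace format, activity names, component paths and rule table are all assumptions made for illustration.

```python
from collections import Counter

# Constructed traces of (activity, target) pairs; all names are made up.
ORIGINAL = [("file_read", "assets/logo.png"), ("dex_load", "assets/logo.png"),
            ("net_connect", "198.51.100.7:443"), ("ui_draw", "main")]

# Mutated component -> (component type, trace of the fault-injected variant).
VARIANTS = {
    "assets/logo.png": ("image", [("file_read", "assets/logo.png"),
                                  ("crash", "dex_load")]),
    "res/values/err_msg": ("string", [("file_read", "assets/logo.png"),
                                      ("dex_load", "assets/logo.png"),
                                      ("ui_draw", "main")]),
    "assets/bg.png": ("image", list(ORIGINAL)),  # benign: fault has no effect
}

# Hypothetical rules: (component type, activity that vanished, verdict).
RULES = [
    ("image", "dex_load", "image hides executable code"),
    ("string", "net_connect", "string encodes a network address or URL"),
]

def differential_signature(original, faulty):
    """Activities that vanish from, or appear in, the fault-injected run."""
    before, after = Counter(original), Counter(faulty)
    return {"vanished": sorted((before - after).elements()),
            "appeared": sorted((after - before).elements())}

def match_rules(component_type, signature):
    """Return the verdict of every rule whose pattern occurs in the signature."""
    vanished = {activity for activity, _ in signature["vanished"]}
    return [verdict for ctype, activity, verdict in RULES
            if ctype == component_type and activity in vanished]

def analyze(original, variants):
    """Map each suspicious component to its signature and matched verdicts."""
    findings = {}
    for component, (ctype, trace) in variants.items():
        signature = differential_signature(original, trace)
        verdicts = match_rules(ctype, signature)
        if verdicts:
            findings[component] = {"signature": signature, "verdicts": verdicts}
    return findings

if __name__ == "__main__":
    for component, result in analyze(ORIGINAL, VARIANTS).items():
        print(component, "->", result["verdicts"])
```

A component whose mutation leaves the trace unchanged, such as the second image here, produces an empty signature and is not reported.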
ADVANTAGES
· To support differential fault analysis over distinguishable components such as
those involving Dex bytecode.
· ALTERDROID is a powerful and novel dynamic analysis technique that can identify
potentially malicious components hidden within an app package.
SYSTEM ARCHITECTURE
SYSTEM CONFIGURATION
HARDWARE REQUIREMENTS:-
· Processor - Pentium-III
· Speed - 1.1 GHz
· RAM - 256 MB (min)
· Hard Disk - 20 GB
· Floppy Drive - 1.44 MB
· Key Board - Standard Windows Keyboard
· Mouse - Two or Three Button Mouse
· Monitor - SVGA
SOFTWARE REQUIREMENTS:-
· Operating System : Android OS
· Language : Java
· Database : SQLite Database
· Tool : Eclipse
REFERENCES
Suarez-Tangil, G., Tapiador, J.E., Lombardi, F., Di Pietro, R., “ALTERDROID: Differential
Fault Analysis of Obfuscated Smartphone Malware”, IEEE Transactions on Mobile
Computing, Volume PP, Issue 99, June 2015.