ALTERDROID: eifferential fault analysis of obfuscated smartphone malware

e-Archivo Repository

e-Archivo estará en modo consulta durante los próximos días. Por favor, NO DEPOSITE ningún trabajo. Los enlaces a través del handle no están accesibles, si necesita hacer una búsqueda de sus publicaciones, pinche en "Navegar por" "Autores". Disculpen las molestias.

Show simple item record

dc.contributor.author Suárez de Tangil Rotaeche, Guillermo Nicolás
dc.contributor.author Estévez Tapiador, Juan Manuel
dc.contributor.author Lombardi, Flavio
dc.contributor.author Di Prieto, Roberto
dc.date.accessioned 2022-10-27T11:01:29Z
dc.date.available 2022-10-27T11:01:29Z
dc.date.issued 2016-04-01
dc.identifier.bibliographicCitation G. Suarez-Tangil, J. E. Tapiador, F. Lombardi and R. D. Pietro, "Alterdroid: Differential Fault Analysis of Obfuscated Smartphone Malware," in IEEE Transactions on Mobile Computing, vol. 15, no. 4, pp. 789-802, 1 April 2016, doi: 10.1109/TMC.2015.2444847.
dc.identifier.issn 1536-1233
dc.identifier.uri http://hdl.handle.net/10016/35941
dc.description.abstract Malware for smartphones has rocketed over the last years. Market operators face the challenge of keeping their stores free from malicious apps, a task that has become increasingly complex as malware developers are progressively using advanced techniques to defeat malware detection tools. One such technique commonly observed in recent malware samples consists of hiding and obfuscating modules containing malicious functionality in places that static analysis tools overlook (e.g., within data objects). In this paper, we describe ALTERDROID, a dynamic analysis approach for detecting such hidden or obfuscated malware components distributed as parts of an app package. The key idea in ALTERDROID consists of analyzing the behavioral differences between the original app and a number of automatically generated versions of it, where a number of modifications (faults) have been carefully injected. Observable differences in terms of activities that appear or vanish in the modified app are recorded, and the resulting differential signature is analyzed through a pattern-matching process driven by rules that relate different types of hidden functionalities with patterns found in the signature. A thorough justification and a description of the proposed model are provided. The extensive experimental results obtained by testing ALTERDROID over relevant apps and malware samples support the quality and viability of our proposal.
dc.description.sponsorship This work was partially supported by the MINECO grant TIN2013-46469-R (SPINY: Security and Privacy in the Internet of You) and the CAM Grant S2013/ICE-3095 (CIBERDINE: Cybersecurity, Big Data, and Risks).
dc.language.iso eng
dc.publisher IEEE
dc.rights © 2016, IEEE
dc.subject.other computer security
dc.subject.other malware
dc.subject.other mobile computing
dc.subject.other evolution
dc.title ALTERDROID: eifferential fault analysis of obfuscated smartphone malware
dc.type research article
dc.subject.eciencia Informática
dc.identifier.doi https://doi.org/10.1109/TMC.2015.2444847
dc.rights.accessRights open access
dc.relation.projectID Gobierno de España. TIN-2013-46469-R
dc.relation.projectID Comunidad de Madrid. S2013/ICE-3095
dc.identifier.publicationfirstpage 789
dc.identifier.publicationissue 4
dc.identifier.publicationlastpage 802
dc.identifier.publicationtitle IEEE TRANSACTIONS ON MOBILE COMPUTING
dc.identifier.publicationvolume 15
dc.identifier.uxxi AR/0000017902
dc.contributor.funder Comunidad de Madrid
dc.contributor.funder Ministerio de Economía y Competitividad (España)
dc.affiliation.dpto UC3M. Departamento de Informática
dc.affiliation.grupoinv UC3M. Grupo de Investigación: COSEC (Computer SECurity Lab)
dc.type.hasVersion AM
 Find Full text

Files in this item

*Click on file's image for preview. (Embargoed files's preview is not supported)


This item appears in the following Collection(s)

Show simple item record