Enhancing Stealthiness & Efficiency of Android Trojans and Defense Possibilities (EnSEAD) - Android's Malware Attack, Stealthiness and Defense: An Improvement
{"title":"Enhancing Stealthiness & Efficiency of Android Trojans and Defense Possibilities (EnSEAD) - Android's Malware Attack, Stealthiness and Defense: An Improvement","authors":"Mohammad Ali, H. Ali, Z. Anwar","doi":"10.1109/FIT.2011.35","DOIUrl":null,"url":null,"abstract":"In this work, we have studied Android Architecture from a security point of view. We have studied various defense mechanisms that are present in current Android Platform or are recently proposed. We took inspiration from Sound comber -- a recent Android Trojan that steals sensitive information using various techniques. We enhanced the capabilities of Sound comber in terms of its stealthiness and efficiency in malicious communication by identifying new covert channel and incorporating basic compression. We then developed a new Android Trojan -- Contact Archiver (steals user contacts) which inherits properties from Sound comber, i.e. uses few and innocuous permissions, circumvents already-known security defenses, conveys information remotely without direct network access plus incorporates enhancements proposed by us. We also propose some defense possibilities to detect Contact Archiver covert communication. Our future work will be to block security attacks performed using our enhancements, when they are used in any Android malware.","PeriodicalId":101923,"journal":{"name":"2011 Frontiers of Information Technology","volume":"52 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-12-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 Frontiers of Information Technology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/FIT.2011.35","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 6
Abstract
In this work, we have studied Android Architecture from a security point of view. We have studied various defense mechanisms that are present in current Android Platform or are recently proposed. We took inspiration from Sound comber -- a recent Android Trojan that steals sensitive information using various techniques. We enhanced the capabilities of Sound comber in terms of its stealthiness and efficiency in malicious communication by identifying new covert channel and incorporating basic compression. We then developed a new Android Trojan -- Contact Archiver (steals user contacts) which inherits properties from Sound comber, i.e. uses few and innocuous permissions, circumvents already-known security defenses, conveys information remotely without direct network access plus incorporates enhancements proposed by us. We also propose some defense possibilities to detect Contact Archiver covert communication. Our future work will be to block security attacks performed using our enhancements, when they are used in any Android malware.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
