Inferring the Detection Logic and Evaluating the Effectiveness of Android Anti-Virus Apps

Zhenquan Cai, R. Yap
DOI: 10.1145/2857705.2857719 (https://doi.org/10.1145/2857705.2857719)
Published in: Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy
Publication date: 2016-03-09
Citations: 13 (per Semantic Scholar)

Abstract

Malware on Android has been reported to be on the rise. There are many anti-virus (AV) apps available on Android. However, most AVs are presented as black boxes without details given about their workings. In this paper, we propose to determine the key elements used by the AVs, which we call inferring the AV detection logic, through a black-box testing methodology. We perform a large-scale experiment on 57 Android AVs using 2000 malware variants to evaluate whether the detection logic can be found and whether the AVs can detect the malware. Our experiments show that a majority of AVs detect malware using simple static features. Such features can be easily obfuscated by renaming or encrypting strings and data, which can make it easy to evade some AVs. We also observe trends showing that AVs use common features to detect malware across all families.
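The black-box inference the abstract describes can be reduced to a differential test: obfuscate one class of static features at a time, resubmit the variant, and attribute the verdict to whichever feature classes the AV stops detecting without. The following is an added illustration of that method, not code from the paper or from any of the 57 AVs it tested. The sample, the three mutation operators and the four "AV" oracles are all constructed stand-ins (a real AV app is the black box; here each oracle is a one-line signature matcher so the inference can be checked). It also goes one step beyond single mutations by trying pairs, which is what exposes an AV that matches on either of two features and therefore survives any single obfuscation.

```python
"""Black-box inference of an AV's detection logic by feature mutation.

Added illustration, not code from the paper. Method: build variants of a
sample in which one class of static features is obfuscated, submit each
to the AV, and attribute detection to the feature classes whose
obfuscation makes the sample go undetected. The AVs below are
constructed stand-in signature matchers; real AV apps are black boxes.
"""
import hashlib
from dataclasses import dataclass, replace
from itertools import combinations


@dataclass(frozen=True)
class Sample:
    """Static features of a constructed (imaginary) APK an AV could match on."""
    package: str
    class_names: frozenset
    strings: frozenset
    permissions: frozenset

    def dex_sha256(self):
        # Stand-in for a hash of classes.dex: any change to the static
        # features changes the "file", so the hash changes too.
        blob = repr((self.package, sorted(self.class_names),
                     sorted(self.strings), sorted(self.permissions)))
        return hashlib.sha256(blob.encode()).hexdigest()


# --- mutation operators: each obfuscates exactly one feature class -------
def rename_identifiers(s):
    """Rename package and classes (ProGuard-style identifier obfuscation)."""
    return replace(s, package="a.b.c",
                   class_names=frozenset(f"a.b.c.C{i}" for i in range(len(s.class_names))))

def encrypt_strings(s):
    """Replace cleartext constants with opaque blobs decrypted at runtime."""
    return replace(s, strings=frozenset(
        hashlib.sha256(x.encode()).hexdigest()[:16] for x in s.strings))

def drop_unused_permissions(s):
    """Strip a permission the payload does not actually need."""
    return replace(s, permissions=s.permissions - {"READ_CONTACTS"})

MUTATIONS = {"rename": rename_identifiers,
             "encrypt_strings": encrypt_strings,
             "trim_permissions": drop_unused_permissions}

# --- constructed sample and AV oracles (hypothetical names throughout) ---
ORIGINAL = Sample(
    package="com.example.fakebank",
    class_names=frozenset({"com.example.fakebank.Main", "com.example.fakebank.SmsStealer"}),
    strings=frozenset({"http://c2.invalid/upload", "sendTextMessage"}),
    permissions=frozenset({"SEND_SMS", "READ_SMS", "READ_CONTACTS"}),
)
KNOWN_BAD_HASH = ORIGINAL.dex_sha256()

def av_hash(s):              # whole-file hash signature
    return s.dex_sha256() == KNOWN_BAD_HASH

def av_string(s):            # matches a C2 URL string constant
    return "http://c2.invalid/upload" in s.strings

def av_class(s):             # matches a known class name
    return "com.example.fakebank.SmsStealer" in s.class_names

def av_string_or_class(s):   # OR logic: survives any single-feature obfuscation
    return av_string(s) or av_class(s)

AVS = {"hash_av": av_hash, "string_av": av_string,
       "class_av": av_class, "string_or_class_av": av_string_or_class}


def infer_detection_logic(av, sample, mutations=MUTATIONS, max_combo=2):
    """Return the minimal sets of mutations that make `av` miss `sample`.

    {"encrypt_strings"} means the verdict depends on cleartext strings;
    {"rename", "encrypt_strings"} means both must be removed, i.e. the AV
    matches either feature class. None means the sample was never detected.
    """
    if not av(sample):
        return None
    evading = []
    for k in range(1, max_combo + 1):
        for combo in combinations(mutations, k):
            if any(e <= set(combo) for e in evading):
                continue                 # superset of an evading set already found
            variant = sample
            for name in combo:
                variant = mutations[name](variant)
            if not av(variant):
                evading.append(frozenset(combo))
    return evading


def survey(avs=AVS, sample=ORIGINAL):
    """Run the inference against every AV, as the paper did across 57 of them."""
    return {name: infer_detection_logic(av, sample) for name, av in avs.items()}


if __name__ == "__main__":
    for name, logic in survey().items():
        print(f"{name:20s} evaded by: {[sorted(e) for e in logic]}")
```

The output reproduces the abstract's finding in miniature: the hash-based and single-feature oracles are evaded by one cheap transformation each, and only the oracle combining two features forces the tester to obfuscate both. Against real AVs the oracle call is an on-device scan of each variant APK, and the mutation operators have to preserve the malware's behaviour, which is why string encryption and identifier renaming are the natural first choices.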