Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:

 

Android Antiviral Products Easily Evaded, Northwestern Study Says

31.05.2013
Think your antivirus product is keeping your Android safe? Think again.
Northwestern University researchers, working with partners from North Carolina State University, tested 10 of the most popular antiviral products for Android and found each could be easily circumnavigated by even the most simple obfuscation techniques.

“The results are quite surprising,” said Yan Chen, associate professor of electrical engineering and computer science at Northwestern’s McCormick School of Engineering and Applied Science. “Many of these products are blind to even trivial transformation attacks not involving code-level changes — operations a teenager could perform.”
The researchers began by testing six known viruses on the fully functional versions of 10 of the most popular Android antiviral products, most of which have been downloaded by millions of users.

Using a tool they developed called DroidChameleon, the researchers then applied common techniques — such as simple switches in a virus’s binary code or file name, or running a command on the virus to repackage or reassemble it — to transform the viruses into slightly altered but equally damaging versions. Dozens of transformed viruses were then tested on the antiviral products, often slipping through the software unnoticed.

All of the antiviral products could be evaded, the researchers found, though their susceptibility to the transformed attacks varied.

The products’ shortcomings are due to their use of overly simple content-based signatures, special patterns the products use to screen for viruses, the researchers said. Instead, the researchers suggested, the products should use a more sophisticated static analysis to accurately seek out transformed attacks. Only one of the 10 tested tools currently utilizes a static analysis system.

The researchers chose to study Android products because it is the most commonly used operating system in the United States and worldwide, and because its open platform enabled the researchers to easily conduct analyses. They emphasized, however, that other operating systems are not necessarily more protected from virus attacks.

Antiviral products are improving. Last year, 45 percent of signatures could be evaded with trivial transformations. This year, the number has dropped to 16 percent.

“Still, these products are not as robust and effective as they must be to stop malware writers,” Chen said. “This is a cat-and-mouse game.”

A paper about the research, “Evaluating Android Anti-Malware Against Transformation Attacks,” was presented earlier this month at the 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2013).

The research has been featured by numerous tech news outlets, including Dark Reading, Information Week, The H, Security Week, Slashdot, HelpNet Security, ISS Source, EFY Times, Tech News Daily, Fudzilla, and VirusFreePhone, as well as the German IT website Heise Security. It has also attracted the attention of several antivirus software manufacturers interested in the testing system, Chen said.

In addition to Chen, Vaibhav Rastogi, a PhD candidate at Northwestern, and Xuxian Jeng of North Carolina State University authored the work.

Megan Fellman | EurekAlert!
Further information:
http://www.northwestern.edu

More articles from Studies and Analyses:

nachricht WAKE-UP provides new treatment option for stroke patients | International study led by UKE
17.05.2018 | Universitätsklinikum Hamburg-Eppendorf

nachricht First form of therapy for childhood dementia CLN2 developed
25.04.2018 | Universitätsklinikum Hamburg-Eppendorf

All articles from Studies and Analyses >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: Explanation for puzzling quantum oscillations has been found

So-called quantum many-body scars allow quantum systems to stay out of equilibrium much longer, explaining experiment | Study published in Nature Physics

Recently, researchers from Harvard and MIT succeeded in trapping a record 53 atoms and individually controlling their quantum state, realizing what is called a...

Im Focus: Dozens of binaries from Milky Way's globular clusters could be detectable by LISA

Next-generation gravitational wave detector in space will complement LIGO on Earth

The historic first detection of gravitational waves from colliding black holes far outside our galaxy opened a new window to understanding the universe. A...

Im Focus: Entangled atoms shine in unison

A team led by Austrian experimental physicist Rainer Blatt has succeeded in characterizing the quantum entanglement of two spatially separated atoms by observing their light emission. This fundamental demonstration could lead to the development of highly sensitive optical gradiometers for the precise measurement of the gravitational field or the earth's magnetic field.

The age of quantum technology has long been heralded. Decades of research into the quantum world have led to the development of methods that make it possible...

Im Focus: Computer-Designed Customized Regenerative Heart Valves

Cardiovascular tissue engineering aims to treat heart disease with prostheses that grow and regenerate. Now, researchers from the University of Zurich, the Technical University Eindhoven and the Charité Berlin have successfully implanted regenerative heart valves, designed with the aid of computer simulations, into sheep for the first time.

Producing living tissue or organs based on human cells is one of the main research fields in regenerative medicine. Tissue engineering, which involves growing...

Im Focus: Light-induced superconductivity under high pressure

A team of scientists of the Max Planck Institute for the Structure and Dynamics of Matter (MPSD) at the Center for Free-Electron Laser Science in Hamburg investigated optically-induced superconductivity in the alkali-doped fulleride K3C60under high external pressures. This study allowed, on one hand, to uniquely assess the nature of the transient state as a superconducting phase. In addition, it unveiled the possibility to induce superconductivity in K3C60 at temperatures far above the -170 degrees Celsius hypothesized previously, and rather all the way to room temperature. The paper by Cantaluppi et al has been published in Nature Physics.

Unlike ordinary metals, superconductors have the unique capability of transporting electrical currents without any loss. Nowadays, their technological...

All Focus news of the innovation-report >>>

Anzeige

Anzeige

VideoLinks
Industry & Economy
Event News

Save the date: Forum European Neuroscience – 07-11 July 2018 in Berlin, Germany

02.05.2018 | Event News

Invitation to the upcoming "Current Topics in Bioinformatics: Big Data in Genomics and Medicine"

13.04.2018 | Event News

Unique scope of UV LED technologies and applications presented in Berlin: ICULTA-2018

12.04.2018 | Event News

 
Latest News

Supersonic waves may help electronics beat the heat

18.05.2018 | Power and Electrical Engineering

Keeping a Close Eye on Ice Loss

18.05.2018 | Information Technology

CrowdWater: An App for Flood Research

18.05.2018 | Information Technology

VideoLinks
Science & Research
Overview of more VideoLinks >>>