Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:

 

Android Antiviral Products Easily Evaded, Northwestern Study Says

31.05.2013
Think your antivirus product is keeping your Android safe? Think again.
Northwestern University researchers, working with partners from North Carolina State University, tested 10 of the most popular antiviral products for Android and found each could be easily circumnavigated by even the most simple obfuscation techniques.

“The results are quite surprising,” said Yan Chen, associate professor of electrical engineering and computer science at Northwestern’s McCormick School of Engineering and Applied Science. “Many of these products are blind to even trivial transformation attacks not involving code-level changes — operations a teenager could perform.”
The researchers began by testing six known viruses on the fully functional versions of 10 of the most popular Android antiviral products, most of which have been downloaded by millions of users.

Using a tool they developed called DroidChameleon, the researchers then applied common techniques — such as simple switches in a virus’s binary code or file name, or running a command on the virus to repackage or reassemble it — to transform the viruses into slightly altered but equally damaging versions. Dozens of transformed viruses were then tested on the antiviral products, often slipping through the software unnoticed.

All of the antiviral products could be evaded, the researchers found, though their susceptibility to the transformed attacks varied.

The products’ shortcomings are due to their use of overly simple content-based signatures, special patterns the products use to screen for viruses, the researchers said. Instead, the researchers suggested, the products should use a more sophisticated static analysis to accurately seek out transformed attacks. Only one of the 10 tested tools currently utilizes a static analysis system.

The researchers chose to study Android products because it is the most commonly used operating system in the United States and worldwide, and because its open platform enabled the researchers to easily conduct analyses. They emphasized, however, that other operating systems are not necessarily more protected from virus attacks.

Antiviral products are improving. Last year, 45 percent of signatures could be evaded with trivial transformations. This year, the number has dropped to 16 percent.

“Still, these products are not as robust and effective as they must be to stop malware writers,” Chen said. “This is a cat-and-mouse game.”

A paper about the research, “Evaluating Android Anti-Malware Against Transformation Attacks,” was presented earlier this month at the 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2013).

The research has been featured by numerous tech news outlets, including Dark Reading, Information Week, The H, Security Week, Slashdot, HelpNet Security, ISS Source, EFY Times, Tech News Daily, Fudzilla, and VirusFreePhone, as well as the German IT website Heise Security. It has also attracted the attention of several antivirus software manufacturers interested in the testing system, Chen said.

In addition to Chen, Vaibhav Rastogi, a PhD candidate at Northwestern, and Xuxian Jeng of North Carolina State University authored the work.

Megan Fellman | EurekAlert!
Further information:
http://www.northwestern.edu

More articles from Studies and Analyses:

nachricht A sudden drop in outdoor temperature increases the risk of respiratory infections
11.01.2017 | University of Gothenburg

nachricht Urbanization to convert 300,000 km2 of prime croplands
27.12.2016 | Mercator Research Institute on Global Commons and Climate Change (MCC) gGmbH

All articles from Studies and Analyses >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: Designing Architecture with Solar Building Envelopes

Among the general public, solar thermal energy is currently associated with dark blue, rectangular collectors on building roofs. Technologies are needed for aesthetically high quality architecture which offer the architect more room for manoeuvre when it comes to low- and plus-energy buildings. With the “ArKol” project, researchers at Fraunhofer ISE together with partners are currently developing two façade collectors for solar thermal energy generation, which permit a high degree of design flexibility: a strip collector for opaque façade sections and a solar thermal blind for transparent sections. The current state of the two developments will be presented at the BAU 2017 trade fair.

As part of the “ArKol – development of architecturally highly integrated façade collectors with heat pipes” project, Fraunhofer ISE together with its partners...

Im Focus: How to inflate a hardened concrete shell with a weight of 80 t

At TU Wien, an alternative for resource intensive formwork for the construction of concrete domes was developed. It is now used in a test dome for the Austrian Federal Railways Infrastructure (ÖBB Infrastruktur).

Concrete shells are efficient structures, but not very resource efficient. The formwork for the construction of concrete domes alone requires a high amount of...

Im Focus: Bacterial Pac Man molecule snaps at sugar

Many pathogens use certain sugar compounds from their host to help conceal themselves against the immune system. Scientists at the University of Bonn have now, in cooperation with researchers at the University of York in the United Kingdom, analyzed the dynamics of a bacterial molecule that is involved in this process. They demonstrate that the protein grabs onto the sugar molecule with a Pac Man-like chewing motion and holds it until it can be used. Their results could help design therapeutics that could make the protein poorer at grabbing and holding and hence compromise the pathogen in the host. The study has now been published in “Biophysical Journal”.

The cells of the mouth, nose and intestinal mucosa produce large quantities of a chemical called sialic acid. Many bacteria possess a special transport system...

Im Focus: Newly proposed reference datasets improve weather satellite data quality

UMD, NOAA collaboration demonstrates suitability of in-orbit datasets for weather satellite calibration

"Traffic and weather, together on the hour!" blasts your local radio station, while your smartphone knows the weather halfway across the world. A network of...

Im Focus: Repairing defects in fiber-reinforced plastics more efficiently

Fiber-reinforced plastics (FRP) are frequently used in the aeronautic and automobile industry. However, the repair of workpieces made of these composite materials is often less profitable than exchanging the part. In order to increase the lifetime of FRP parts and to make them more eco-efficient, the Laser Zentrum Hannover e.V. (LZH) and the Apodius GmbH want to combine a new measuring device for fiber layer orientation with an innovative laser-based repair process.

Defects in FRP pieces may be production or operation-related. Whether or not repair is cost-effective depends on the geometry of the defective area, the tools...

All Focus news of the innovation-report >>>

Anzeige

Anzeige

Event News

12V, 48V, high-voltage – trends in E/E automotive architecture

10.01.2017 | Event News

2nd Conference on Non-Textual Information on 10 and 11 May 2017 in Hannover

09.01.2017 | Event News

Nothing will happen without batteries making it happen!

05.01.2017 | Event News

 
Latest News

Multiregional brain on a chip

16.01.2017 | Power and Electrical Engineering

New technology enables 5-D imaging in live animals, humans

16.01.2017 | Information Technology

Researchers develop environmentally friendly soy air filter

16.01.2017 | Power and Electrical Engineering

VideoLinks
B2B-VideoLinks
More VideoLinks >>>