Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:

 

Android Antiviral Products Easily Evaded, Northwestern Study Says

31.05.2013
Think your antivirus product is keeping your Android safe? Think again.
Northwestern University researchers, working with partners from North Carolina State University, tested 10 of the most popular antiviral products for Android and found each could be easily circumnavigated by even the most simple obfuscation techniques.

“The results are quite surprising,” said Yan Chen, associate professor of electrical engineering and computer science at Northwestern’s McCormick School of Engineering and Applied Science. “Many of these products are blind to even trivial transformation attacks not involving code-level changes — operations a teenager could perform.”
The researchers began by testing six known viruses on the fully functional versions of 10 of the most popular Android antiviral products, most of which have been downloaded by millions of users.

Using a tool they developed called DroidChameleon, the researchers then applied common techniques — such as simple switches in a virus’s binary code or file name, or running a command on the virus to repackage or reassemble it — to transform the viruses into slightly altered but equally damaging versions. Dozens of transformed viruses were then tested on the antiviral products, often slipping through the software unnoticed.

All of the antiviral products could be evaded, the researchers found, though their susceptibility to the transformed attacks varied.

The products’ shortcomings are due to their use of overly simple content-based signatures, special patterns the products use to screen for viruses, the researchers said. Instead, the researchers suggested, the products should use a more sophisticated static analysis to accurately seek out transformed attacks. Only one of the 10 tested tools currently utilizes a static analysis system.

The researchers chose to study Android products because it is the most commonly used operating system in the United States and worldwide, and because its open platform enabled the researchers to easily conduct analyses. They emphasized, however, that other operating systems are not necessarily more protected from virus attacks.

Antiviral products are improving. Last year, 45 percent of signatures could be evaded with trivial transformations. This year, the number has dropped to 16 percent.

“Still, these products are not as robust and effective as they must be to stop malware writers,” Chen said. “This is a cat-and-mouse game.”

A paper about the research, “Evaluating Android Anti-Malware Against Transformation Attacks,” was presented earlier this month at the 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2013).

The research has been featured by numerous tech news outlets, including Dark Reading, Information Week, The H, Security Week, Slashdot, HelpNet Security, ISS Source, EFY Times, Tech News Daily, Fudzilla, and VirusFreePhone, as well as the German IT website Heise Security. It has also attracted the attention of several antivirus software manufacturers interested in the testing system, Chen said.

In addition to Chen, Vaibhav Rastogi, a PhD candidate at Northwestern, and Xuxian Jeng of North Carolina State University authored the work.

Megan Fellman | EurekAlert!
Further information:
http://www.northwestern.edu

More articles from Studies and Analyses:

nachricht Drone vs. truck deliveries: Which create less carbon pollution?
31.05.2017 | University of Washington

nachricht New study: How does Europe become a leading player for software and IT services?
03.04.2017 | Fraunhofer-Institut für System- und Innovationsforschung (ISI)

All articles from Studies and Analyses >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: Can we see monkeys from space? Emerging technologies to map biodiversity

An international team of scientists has proposed a new multi-disciplinary approach in which an array of new technologies will allow us to map biodiversity and the risks that wildlife is facing at the scale of whole landscapes. The findings are published in Nature Ecology and Evolution. This international research is led by the Kunming Institute of Zoology from China, University of East Anglia, University of Leicester and the Leibniz Institute for Zoo and Wildlife Research.

Using a combination of satellite and ground data, the team proposes that it is now possible to map biodiversity with an accuracy that has not been previously...

Im Focus: Climate satellite: Tracking methane with robust laser technology

Heatwaves in the Arctic, longer periods of vegetation in Europe, severe floods in West Africa – starting in 2021, scientists want to explore the emissions of the greenhouse gas methane with the German-French satellite MERLIN. This is made possible by a new robust laser system of the Fraunhofer Institute for Laser Technology ILT in Aachen, which achieves unprecedented measurement accuracy.

Methane is primarily the result of the decomposition of organic matter. The gas has a 25 times greater warming potential than carbon dioxide, but is not as...

Im Focus: How protons move through a fuel cell

Hydrogen is regarded as the energy source of the future: It is produced with solar power and can be used to generate heat and electricity in fuel cells. Empa researchers have now succeeded in decoding the movement of hydrogen ions in crystals – a key step towards more efficient energy conversion in the hydrogen industry of tomorrow.

As charge carriers, electrons and ions play the leading role in electrochemical energy storage devices and converters such as batteries and fuel cells. Proton...

Im Focus: A unique data centre for cosmological simulations

Scientists from the Excellence Cluster Universe at the Ludwig-Maximilians-Universität Munich have establised "Cosmowebportal", a unique data centre for cosmological simulations located at the Leibniz Supercomputing Centre (LRZ) of the Bavarian Academy of Sciences. The complete results of a series of large hydrodynamical cosmological simulations are available, with data volumes typically exceeding several hundred terabytes. Scientists worldwide can interactively explore these complex simulations via a web interface and directly access the results.

With current telescopes, scientists can observe our Universe’s galaxies and galaxy clusters and their distribution along an invisible cosmic web. From the...

Im Focus: Scientists develop molecular thermometer for contactless measurement using infrared light

Temperature measurements possible even on the smallest scale / Molecular ruby for use in material sciences, biology, and medicine

Chemists at Johannes Gutenberg University Mainz (JGU) in cooperation with researchers of the German Federal Institute for Materials Research and Testing (BAM)...

All Focus news of the innovation-report >>>

Anzeige

Anzeige

Event News

Plants are networkers

19.06.2017 | Event News

Digital Survival Training for Executives

13.06.2017 | Event News

Global Learning Council Summit 2017

13.06.2017 | Event News

 
Latest News

Supersensitive through quantum entanglement

28.06.2017 | Physics and Astronomy

X-ray photoelectron spectroscopy under real ambient pressure conditions

28.06.2017 | Physics and Astronomy

Mice provide insight into genetics of autism spectrum disorders

28.06.2017 | Health and Medicine

VideoLinks
B2B-VideoLinks
More VideoLinks >>>