pleqr.blogg.se

Adw malware






In contrast to other peer works attempting to expose the vulnerability of learning-based detection models, this work addresses the deficiencies of existing research by pointing out that the stochastic manipulations they applied may be highly computationally demanding. Despite the improved efficacy of machine learning-based classifiers in detecting PDF malware, adversaries have proposed a variety of countermeasures to evade detection, such as generating adversarial examples. With the growing popularity of information digitization and the advancement of executable file detection technology, PDF has emerged as an important carrier of malicious documents.

This evidences important experimental bias in research works that rely on automated systems for family identification without considering variants. In particular, we show that riders of malware families evolve over time. Finally, we discuss what our findings mean for Android malware detection research, highlighting areas that need further attention by the research community. We find that since its infancy in 2010, the Android malware ecosystem has changed significantly, both in the type of malicious activity performed by malware and in the level of obfuscation used to avoid detection. Our analysis framework relies on collective repositories and recent advances in the systematization of intelligence extracted from multiple anti-virus vendors.


To address this problem, we use differential analysis to isolate software components that are irrelevant to the campaign and study the behavior of malicious riders alone.


One of the main challenges posed when studying repackaged malware is slicing the app to split benign components apart from the malicious ones. In this type of threat, different innocuous apps are piggybacked with a malicious payload (rider), allowing inexpensive malware manufacturing. We aim at understanding how Android malware has evolved over time, focusing on repackaging malware. In this paper, we conduct the largest measurement of Android malware behavior to date, analyzing over 1.2 million malware samples that belong to 1.28K families over a period of eight years (from 2010 to 2017). Without such a view, researchers incur the risk of developing systems that only detect outdated threats, missing the most recent ones.


Despite the growing threat posed by Android malware, the research community is still lacking a comprehensive view of common behaviors and emerging trends in malware families active on the platform.







