King's College London

Research portal

Alterdroid: Differential Fault Analysis of Obfuscated Smartphone Malware

Research output: Contribution to journal, Article

Guillermo Suarez-Tangil, Juan Tapiador, Flavio Lombardi, Roberto Di Pietro

Original language: English
Pages (from-to): 789 - 802
Journal: IEEE Transactions on Mobile Computing
Volume: 15
Issue number: 4
Early online date: 17 Jun 2015
Publication status: Published - 1 Apr 2016

Bibliographical note

I.F.: 2.54 (Q1)

Documents

  • Alterdroid: Differential Fault Analysis_SUAREZ-TANGIL_2015_GREEN AAM

    2015ieeetmc_alterdroid.pdf, 654 KB, application/pdf

    31/05/2018

    Accepted author manuscript

    Other

    © 2015 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Abstract

Malware for smartphones has rocketed over the last years. Market operators face the challenge of keeping their stores free from malicious apps, a task that has become increasingly complex as malware developers are progressively using advanced techniques to defeat malware detection tools. One such technique commonly observed in recent malware samples consists of hiding and obfuscating modules containing malicious functionality in places that static analysis tools overlook (e.g., within data objects). In this paper, we describe Alterdroid, a dynamic analysis approach for detecting such hidden or obfuscated malware components distributed as parts of an app package. The key idea in Alterdroid consists of analyzing the behavioral differences between the original app and a number of automatically generated versions of it, where a number of modifications (faults) have been carefully injected. Observable differences in terms of activities that appear or vanish in the modified app are recorded, and the resulting differential signature is analyzed through a pattern-matching process driven by rules that relate different types of hidden functionalities with patterns found in the signature. A thorough justification and a description of the proposed model are provided. The extensive experimental results obtained by testing Alterdroid over relevant apps and malware samples support the quality and viability of our proposal.
