ALTERDROID: Differential Fault Analysis of Obfuscated Smartphone Malware

ABSTRACT

Malware for smart phones has rocketed over the last years. Market operators face the challenge of keeping their stores free from malicious apps, a task that has become increasingly complex as malware developers are progressively using advanced techniques to defeat malware detection tools. One such technique commonly observed in recent malware samples consists of hiding and obfuscating modules containing malicious functionality in places that static analysis tools overlook (e.g., within data objects). In this paper, we describe ALTERDROID, a dynamic analysis approach for detecting such hidden or obfuscated malware components distributed as parts of an app package. The key idea in ALTERDROID consists of analyzing the behavioral differences between the original app and a number of automatically generated versions of it, where a number of modifications (faults) have been carefully injected. Observable differences in terms of activities that appear or vanish in the modified app are recorded, and the resulting differential signature is analyzed through a pattern-matching process driven by rules that relate different types of hidden functionalities with patterns found in the signature. A thorough justification and a description of the proposed model are provided. The extensive experimental results obtained by testing ALTERDROID over relevant apps and malware samples support the quality and viability of our proposal.

AIM

The aim of this paper is ALTERDROID consists of analyzing the behavioral differences between the original app and a number of automatically generated versions of it, where a number of modifications (faults) have been carefully injected

SCOPE

The scope of this paper is Observable differences in terms of activities that appear or vanish in the modified app are recorded, and the resulting differential signature is analyzed through a pattern-matching process driven by rules that relate different types of hidden functionalities with patterns found in the signature

EXISTING SYSTEM

Smartphone malware has become a rather profitable business due to the existence of a large number of potential targets and the availability of reuse-oriented malware development methodologies that make exceedingly easy to produce new samples. Smartphone malware is becoming increasingly stealthy and recent specimens are relying on advanced code obfuscation techniques to evade detection by security analysts. More sophisticated obfuscation techniques, particularly in code, are starting to materialize (e.g., stegomalware ). These techniques and trends create an additional obstacle to malware analysts, who see their task further complicated and have to ultimately rely on carefully controlled dynamic analysis techniques to detect the presence of potentially dangerous pieces of code.

DISADVANTAGES

·      Recent malware samples consist of hiding and obfuscating modules containing malicious functionality in places that static analysis tools overlook.

PROPOSED SYSTEM

In this project, ALTERDROID, a tool for detecting, through reverse engineering, obfuscated functionality in components distributed as parts of an app package. Such components are often part of a malicious app and are hidden outside its main code components (e.g. within data objects), as code components may be subject to static analysis by market operators. The key idea in ALTERDROID consists of analyzing the behavioral differences between the original app and an altered version where a number of modifications (faults) have been carefully introduced. Such modifications are designed to have no observable effect on the app execution, provided that the altered component is actually what it should be (i.e., it does not hide any unwanted functionality). For example, replacing the value of some pixels in a picture or a few characters in a string encoding an error message should not affect the execution. However, if after doing so it is observed that a dynamic class loading action crashes or a network connection does not take place, it may well be that the picture was actually a piece of code or the string a network address or a URL.

ADVANTAGES

·      To support differential fault analysis over distinguishable components such as those involving Dex bytecode.

·      ALTERDROID is a powerful and novel dynamic analysis technique that can identify potentially malicious components hidden within an app package.

 SYSTEM ARCHITECTURE

        

SYSTEM CONFIGURATION

HARDWARE REQUIREMENTS:-

·                Processor          -   Pentium –III

·                Speed                -    1.1 Ghz

·                RAM                 -    256 MB(min)

·                Hard Disk         -   20 GB

·                Floppy Drive    -    1.44 MB

·                Key Board                 -    Standard Windows Keyboard

·                Mouse               -    Two or Three Button Mouse

·                Monitor             -    SVGA

SOFTWARE REQUIREMENTS:-

·                Operating System      :Android OS             

·                Front End                  : JAVA

·                Database                  : SqLite

·                Tool                           :Eclipse

 REFERENCES

Suarez-Tangil, G.,Tapiador, J.E. ; Lombardi, F. ; Di Pietro, R. “ALTERDROID: Differential Fault Analysis of Obfuscated Smartphone Malware”, IEEE Transactions on Mobile Computing Volume PP ,  Issue 99  June 2015