Please use this identifier to cite or link to this item:
https://www.um.edu.mt/library/oar/handle/123456789/30050
Title: | Enhancing android malware sandboxes with anti-evasion code patching |
Authors: | Leguesse, Yonas |
Keywords: | Malware (Computer software); Android (Electronic resource); Smartphones -- Security measures |
Issue Date: | 2017 |
Abstract: | Sophisticated Android malware families often implement techniques aimed at avoiding detection. Split personality malware, for example, behaves benignly when it detects that it is running in an analysis environment such as a malware sandbox, and maliciously when running on a real user's device. These kinds of techniques are problematic for malware analysts, often leaving them unable to detect or understand the malicious behaviour. This is where sandbox hardening comes into play. In this work, we exploit sandbox detection heuristic prediction to proactively generate bytecode patches that disable the malware's ability to detect a malware sandbox. Through the development of AndroNeo, we demonstrate the feasibility of this approach: heuristic prediction is a solid basis to build upon, and when it is followed by bytecode patch generation, split personality can be defeated. The AndroNeo prototype implements checks at the Java level for API method calls whose results can distinguish real devices from emulators. The robustness of AndroNeo was demonstrated by showing its ability to identify and patch evasion heuristics within packed code. The relevance of packed malware was confirmed by demonstrating the prevalence of packers in modern malware samples. |
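The approach sketched in the abstract (predict where the emulator-detection heuristics sit, then rewrite the bytecode so the checks see real-device values) can be illustrated at the smali level, which is the text form of Dalvik bytecode an analyst would patch before reassembling. The Python below is an added example and is not AndroNeo's code or code from the dissertation: it matches a small table of API references commonly used to fingerprint the Android emulator and rewrites each read into a constant. The table of references, the substituted handset values and the sample smali method are all constructed for this example and are assumptions rather than the heuristic set the thesis used.

```python
import difflib
import re
from dataclasses import dataclass

# Constructed for this example (not AndroNeo's heuristic set): smali references
# whose values are commonly compared against emulator defaults, mapped to the
# handset-like values the patch substitutes. The values are made up.
FIELD_HEURISTICS = {
    "Landroid/os/Build;->FINGERPRINT:Ljava/lang/String;":
        "google/walleye/walleye:8.1.0/OPM1.171019.011/4448085:user/release-keys",
    "Landroid/os/Build;->MODEL:Ljava/lang/String;": "Pixel 2",
    "Landroid/os/Build;->HARDWARE:Ljava/lang/String;": "walleye",
}
METHOD_HEURISTICS = {
    "Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String;": "356938035643809",
    "Landroid/telephony/TelephonyManager;->getNetworkOperatorName()Ljava/lang/String;": "T-Mobile",
}

# One smali instruction per line; static field read, virtual/interface call, result move.
SGET = re.compile(r"^(\s*)sget-object\s+([vp]\d+),\s*(\S+)$")
INVOKE = re.compile(r"^(\s*)invoke-(?:virtual|interface)(?:/range)?\s+\{[^}]*\},\s*(\S+)$")
MOVE_RESULT = re.compile(r"^(\s*)move-result-object\s+([vp]\d+)$")


@dataclass
class Finding:
    line_no: int    # 1-based line in the input smali
    reference: str  # API reference that triggered the prediction
    kind: str       # "field" or "method"


def predict_heuristics(smali: str) -> list:
    """Heuristic prediction step: locate reads of emulator-revealing API values."""
    findings = []
    for n, line in enumerate(smali.splitlines(), 1):
        m = SGET.match(line)
        if m and m.group(3) in FIELD_HEURISTICS:
            findings.append(Finding(n, m.group(3), "field"))
            continue
        m = INVOKE.match(line)
        if m and m.group(2) in METHOD_HEURISTICS:
            findings.append(Finding(n, m.group(2), "method"))
    return findings


def generate_patch(smali: str) -> str:
    """Patch generation step: replace each predicted read with a constant.

    A field read becomes const-string into the same register. A method call
    becomes nop, and its move-result-object becomes const-string into the
    result register; the register widths match (both are 8-bit forms), so the
    method body still verifies after reassembly.
    """
    out, pending = [], None  # pending: value for the move-result of a nop'd invoke
    for line in smali.splitlines():
        m = SGET.match(line)
        if m and m.group(3) in FIELD_HEURISTICS:
            indent, reg, ref = m.groups()
            out.append(f'{indent}const-string {reg}, "{FIELD_HEURISTICS[ref]}"')
            continue
        m = INVOKE.match(line)
        if m and m.group(2) in METHOD_HEURISTICS:
            indent, ref = m.groups()
            out.append(f"{indent}nop")
            pending = METHOD_HEURISTICS[ref]
            continue
        m = MOVE_RESULT.match(line)
        if m and pending is not None:
            indent, reg = m.groups()
            out.append(f'{indent}const-string {reg}, "{pending}"')
            pending = None
            continue
        if pending is not None and line.strip():
            pending = None  # call result was never moved into a register
        out.append(line)
    return "\n".join(out) + ("\n" if smali.endswith("\n") else "")


# Constructed sample: a split-personality style check (not from a real sample).
SAMPLE = """\
.method private static isEmulator(Landroid/content/Context;)Z
    .locals 3

    sget-object v0, Landroid/os/Build;->FINGERPRINT:Ljava/lang/String;
    const-string v1, "generic"
    invoke-virtual {v0, v1}, Ljava/lang/String;->startsWith(Ljava/lang/String;)Z
    move-result v2
    if-eqz v2, :cond_0
    const/4 v0, 0x1
    return v0

    :cond_0
    const-string v0, "phone"
    invoke-virtual {p0, v0}, Landroid/content/Context;->getSystemService(Ljava/lang/String;)Ljava/lang/Object;
    move-result-object v0
    check-cast v0, Landroid/telephony/TelephonyManager;
    invoke-virtual {v0}, Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String;
    move-result-object v0
    const-string v1, "000000000000000"
    invoke-virtual {v1, v0}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
    move-result v2
    return v2
.end method
"""

if __name__ == "__main__":
    for f in predict_heuristics(SAMPLE):
        print(f"line {f.line_no}: {f.kind} heuristic via {f.reference}")
    diff = difflib.unified_diff(SAMPLE.splitlines(), generate_patch(SAMPLE).splitlines(),
                                "isEmulator.smali", "isEmulator.patched.smali", lineterm="")
    print("\n".join(diff))
```

Static matching on API references is only the first layer: a sample that reaches the same values through reflection, JNI or a packer's runtime-decrypted code will not show these references in the unpacked smali, which is why the thesis stresses patching inside packed code.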
Description: | M.SC.COMP.SCI.&ARTIFICIAL INTELLIGENCE |
URI: | https://www.um.edu.mt/library/oar//handle/123456789/30050 |
Appears in Collections: | Dissertations - FacICT - 2017; Dissertations - FacICTAI - 2017; Dissertations - FacICTCS - 2017 |
Files in This Item:
File | Description | Size | Format
---|---|---|---
17MCSFT003 - Yonas_Leguesse.pdf | Restricted Access | 4.33 MB | Adobe PDF
Items in OAR@UM are protected by copyright, with all rights reserved, unless otherwise indicated.