DEVELOPMENT OF ANDROID MALWARE EVASION TECHNIQUE FOR BYPASSING SIGNATURE-BASED ANTI-MALWARE DETECTION USING OBFUSCATION AND DYNAMIC CODE LOADING
Malware is one of the biggest threats to the Android system today. Various malware detection methods have been developed by both academics and anti-malware vendors to detect malware attacks on the Android operating system. But at the same time malware developers also continue to develop various t...
Saved in:
Main Author: | Prasetya Ohello, Steven |
---|---|
Format: | Theses |
Language: | Indonesia |
Online Access: | https://digilib.itb.ac.id/gdl/view/71403 |
Institution: | Institut Teknologi Bandung |
id |
id-itb.:71403 |
---|---|
institution |
Institut Teknologi Bandung |
building |
Institut Teknologi Bandung Library |
continent |
Asia |
country |
Indonesia Indonesia |
content_provider |
Institut Teknologi Bandung |
collection |
Digital ITB |
language |
Indonesia |
description |
Malware is one of the biggest threats to the Android system today. Various malware detection methods have been developed by both academics and anti-malware vendors to detect malware attacks on the Android operating system. At the same time, malware developers continue to develop techniques to evade these detection systems. Understanding how these techniques are developed, from the perspective of malware developers, is one way to predict the kinds of attacks that will come and thereby strengthen existing defenses.

This study proposes a framework for modifying malware using obfuscation techniques and dynamic code loading so that it can bypass signature-based anti-malware detection. The framework exploits weaknesses in the Android system and in signature-based anti-malware systems. One such weakness is that anti-malware tends to be slow in adopting signatures for new malware: by modifying the body of the malware, signatures that were previously recognized become unrecognizable. In addition, there is a weakness in the Android system whereby inserting malware into a legitimate application can bypass Play Protect detection. Because it can embed malware into legitimate applications, the proposed framework can also be used by application developers to test the resilience of their applications against repackaging attacks.

Testing and evaluation are carried out at each step of the proposed framework. The test results demonstrate that each step reduces the detection rate on VirusTotal, and testing the entire framework gives a significant reduction in the detection rate. The modified malware was then installed successfully on an Android device without being detected and performed its functions properly. This research also shows that Play Protect does not perform certificate checks properly: random use of certificates can trigger a Play Protect warning during installation that the application is not recognized, but by borrowing certificates from other applications this detection can be easily avoided. |
format |
Theses |
author |
Prasetya Ohello, Steven |
title |
DEVELOPMENT OF ANDROID MALWARE EVASION TECHNIQUE FOR BYPASSING SIGNATURE-BASED ANTI-MALWARE DETECTION USING OBFUSCATION AND DYNAMIC CODE LOADING |
url |
https://digilib.itb.ac.id/gdl/view/71403 |