基於重複利用之惡意代碼以檢驗安卓防毒系統之阻抗性

Abstract

Android的病毒成出不窮導致一般的防病毒軟體不能即時處理批量化的病毒，而且隨著時間的變化，病毒進化的更複雜，導致一般的特徵比對往往追不上從新包裝的病毒。因此，我們的研究領域將會去探討現有的防病毒軟體對於病毒的代碼彈性度到底有多強。我們會用一系列的方法去逃避防病毒軟體的偵測。最後，我們將針對防病毒軟體的弱點，加以敘述再給予建設性的建議，希望不久將來，防病毒軟體的偵測能力更完善。

The number of mobile malware growing in an alarming rate poses a big threat to the mobile community. Distributing malicious sample by means of piggyback on legitimate application will most likely entice user to download them. Affirmatively, to broaden the infection rate, malicious code reuse act as an catalyst to create pandemic as anti-virus vendors reported high number of variants were detected under same family. In response to skyrocketing number of mobile malware, a number of security vendors have offered anti-malware solution in defeating mobile threats like Avast, AhnLab, McAfee, Kaspersky, Symantec etc. We demonstrate that these anti-malware systems completely fail to achieve protection against mobile malware that evolved from its predecessor. Even a very weak tactique can easily evade detection. We show dozens of methods that can render anti-malware detection approach useless without any need to perform sophisticated effort. We enumerate the requirements that an anti-malware system must satisfy to lower the false negatives and positives and conclude that “detection by conventional signatures” derived from cryptographic hash value is not useful against mutation on malware. We then present our recommendations for strengthening the current anti-malware solution against malware that performed code reuse