MysteryChecker: Unpredictable attestation to detect repackaged malicious applications in Android

Jihwan Jeong, Dongwon Seo, Chanyoung Lee, Jonghoon Kwon, Heejo Lee, John Milburn

Research output: Chapter in Book/Report/Conference proceedingConference contribution

4 Citations (Scopus)

Abstract

The number of malicious applications, sometimes known as malapps, in Android smartphones has increased significantly in recent years. Malapp writers abuse repackaging techniques to rebuild applications with code changes. Existing anti-malware applications do not successfully defeat or defend against the repackaged malapps due to numerous variants. Software-based attestation approaches widely used in a resource-constrained environment have been developed to detect code changes of software with low resource consumption. In this paper, we propose a novel software-based attestation approach, called MysteryChecker, leveraging an unpredictable attestation algorithm. For its unpredictable attestation, MysteryChecker applies the concept of code obfuscation, which changes the syntax in order to avoid code analysis by adversaries. More precisely, unpredictable attestation is achieved by chaining randomly selected crypto functions. A verifier sends a randomly generated attestation module, and the target application must reply with a correct response using the attestation module. Also, the target application periodically receives a new module that contains a different attestation algorithm. Thus, even if the attacker analyzes the attestation module, the target application replaces the existing attestation module with a new one and the analysis done by the attacker becomes invalid. Experimental results show that MysteryChecker is completely able to detect known and unknown variants of repackaged malapps, while existing anti-malware applications only partially detect the variants.

Original languageEnglish
Title of host publicationProceedings of the 9th IEEE International Conference on Malicious and Unwanted Software, MALCON 2014
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages50-57
Number of pages8
ISBN (Electronic)9781479973293
DOIs
Publication statusPublished - 2014 Dec 29
Event9th IEEE International Conference on Malicious and Unwanted Software, MALCON 2014 - Fajardo, Puerto Rico
Duration: 2014 Oct 282014 Oct 30

Publication series

NameProceedings of the 9th IEEE International Conference on Malicious and Unwanted Software, MALCON 2014

Other

Other9th IEEE International Conference on Malicious and Unwanted Software, MALCON 2014
CountryPuerto Rico
CityFajardo
Period14/10/2814/10/30

Keywords

  • Repackaged Application Detection
  • Smartphone Security
  • Software-based Attestation

ASJC Scopus subject areas

  • Artificial Intelligence
  • Visual Arts and Performing Arts

Fingerprint Dive into the research topics of 'MysteryChecker: Unpredictable attestation to detect repackaged malicious applications in Android'. Together they form a unique fingerprint.

Cite this