Feeds

CompSci eggheads to map Android malware genome

Aim for taxonomy of droid ills

Choosing a cloud hosting partner with confidence

Mobile security researchers are teaming up to share samples and data on malware targeting the Android platform.

The Android Malware Genome Project, spearheaded by Xuxian Jiang, a computer science researcher at North Carolina State University, aims to boost collaboration in defending against the growing menace of mobile malware targeting smartphones from the likes of HTC and Samsung which are based on Google's mobile operating system platform.

The NC State team led by Xuxian was the first to identify dozens of Android malware programs, including DroidKungFu and GingerMaster.

The project is designed to facilitate the sharing of Android malware code between security researchers, along the same lines as the long-standing malware sample sharing projects already set up by Windows anti-virus software developers. The project has already collected more than 1,200 pieces of Android malware.

Xuxian explains that rapid access by security researchers to Android malware is needed because "our defence capability is largely constrained by the limited understanding of these emerging mobile malware and the lack of timely access to related samples".

The project not only wants to enable the sharing of mobile malware samples but also to facilitate work to create a taxonomy of Android malware, with the aim of helping to create improved security defences, which the NC State team argue are currently falling well short of delivering effective protection.

In this project, we focus on the Android platform and aim to systematise or characterise existing Android malware. Particularly, with more than one year effort, we have managed to collect more than 1,200 malware samples that cover the majority of existing Android malware families, ranging from their debut in August 2010 to recent ones in October 2011. In addition, we systematically characterize them from various aspects, including their installation methods, activation mechanisms as well as the nature of carried malicious payloads.

The characterization and a subsequent evolution-based study of representative families reveal that they are evolving rapidly to circumvent the detection from existing mobile anti-virus software. Based on the evaluation with four representative mobile security software, our experiments in November, 2011, show that the best case detects 79.6 per cent of them while the worst case detects only 20.2 per cent in our dataset. These results clearly call for the need to better develop next-generation anti-mobile-malware solutions.

Xuxian explained that the project was particularly targeted at academic researchers and was designed to supplement vendor-led efforts at mobile malware exchange and analysis.

"I am aware of some malware-exchanging programmes between these vendors, either for Windows-based malware or Android-based malware," he told El Reg. "However, it seems hard for independent researchers or academic researchers to be involved.

"Great innovations can also come from research labs in academia. This is one main reason why we are promoting and sharing Android malware samples for research purposes. Also, notice that Android malware is still at the early stage and rapidly evolving. With this timing, the sharing becomes extremely important."

The project was announced at IEEE Symposium on Security and Privacy in San Francisco on Tuesday. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
JINGS! Microsoft Bing called Scots indyref RIGHT!
Redmond sporran metrics get one in the ten ring
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Murdoch to Europe: Inflict MORE PAIN on Google, please
'Platform for piracy' must be punished, or it'll kill us in FIVE YEARS
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.