CompSci eggheads to map Android malware genome

Aim for taxonomy of droid ills

Mobile security researchers are teaming up to share samples and data on malware targeting the Android platform.

The Android Malware Genome Project, spearheaded by Xuxian Jiang, a computer science researcher at North Carolina State University, aims to boost collaboration in defending against the growing menace of mobile malware targeting smartphones from the likes of HTC and Samsung, which are based on Google's mobile operating system platform.

The NC State team led by Xuxian was the first to identify dozens of Android malware programs, including DroidKungFu and GingerMaster.

The project is designed to facilitate the sharing of Android malware code between security researchers, along the same lines as the long-standing malware sample sharing projects already set up by Windows anti-virus software developers. The project has already collected more than 1,200 pieces of Android malware.

Xuxian explains that rapid access by security researchers to Android malware is needed because "our defence capability is largely constrained by the limited understanding of these emerging mobile malware and the lack of timely access to related samples".

The project not only wants to enable the sharing of mobile malware samples but also to facilitate work to create a taxonomy of Android malware, with the aim of helping to create improved security defences, which the NC State team argue are currently falling well short of delivering effective protection.

In this project, we focus on the Android platform and aim to systematise or characterise existing Android malware. Particularly, with more than one year effort, we have managed to collect more than 1,200 malware samples that cover the majority of existing Android malware families, ranging from their debut in August 2010 to recent ones in October 2011. In addition, we systematically characterize them from various aspects, including their installation methods, activation mechanisms as well as the nature of carried malicious payloads.

The characterization and a subsequent evolution-based study of representative families reveal that they are evolving rapidly to circumvent the detection from existing mobile anti-virus software. Based on the evaluation with four representative mobile security software, our experiments in November, 2011, show that the best case detects 79.6 per cent of them while the worst case detects only 20.2 per cent in our dataset. These results clearly call for the need to better develop next-generation anti-mobile-malware solutions.

Xuxian explained that the project was particularly targeted at academic researchers and was designed to supplement vendor-led efforts at mobile malware exchange and analysis.

"I am aware of some malware-exchanging programmes between these vendors, either for Windows-based malware or Android-based malware," he told El Reg. "However, it seems hard for independent researchers or academic researchers to be involved.

"Great innovations can also come from research labs in academia. This is one main reason why we are promoting and sharing Android malware samples for research purposes. Also, notice that Android malware is still at the early stage and rapidly evolving. With this timing, the sharing becomes extremely important."

The project was announced at the IEEE Symposium on Security and Privacy in San Francisco on Tuesday. ®
