Self-modifying Code Detection and Protection on Android System

• Main Authors: Yen-Chien Pan, 潘彥謙
• Other Authors: Shih-Hao Hung
• Format: Others
• Language: en_US
• Published: 2014
• Online Access: http://ndltd.ncl.edu.tw/handle/37550703715962474447

碩士 === 國立臺灣大學 === 資訊工程學研究所 === 102 === The numbers of Android mobile devices and applications are both increased dramatically these years, but unfortunately, so are malwares. While there are a lot of anti-virus applications on Android systems, malwares usually use various tricks to prevent themselves from being detected. Self-modification is a novel technique on Android system which allows applications to hide its actual code. In this paper, we propose a detection method to help detect this type of malware, and based on the detection result, we further developed a mechanism to protect users from the risk of executing modified code. We evaluate 73,754 applications downloaded from Google Play and 44,315 known malwares with our detection mechanism. In the result, there are about 0.07% applications have self-modification behavior, and the most suspicious ones are measured as adwares. Although we haven’t encountered any self-modifying malware yet, hopefully, this work serves to help detect new types of self-modifying malware in the future.