Uni boffins: 'Accurate' Android AV app outperforms most rivals

...Don't sweat, VXers, it's STILL no use against hidden nasties


German researchers have built an Android app that detects 94 percent of malware and runs quickly enough on mobile devices, which they say bests current offerings both in effectiveness and in explaining its verdicts.

Daniel Arp, Konrad Rieck, Malte Hubner and Hugo Gascon of the University of Göttingen – together with Michael Spreitzenbarth of Siemens' computer emergency response team – pitted their DREBIN tool against 123,453 benign applications from different Android app stores and 5,560 recent malware samples, the largest set yet used.

"As the limited resources impede monitoring applications at run-time, DREBIN performs a broad static analysis, gathering as many features of an application as possible," the researchers wrote in the paper DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket (PDF).

"... DREBIN outperforms several related approaches and detects 94 percent of the malware with few false alarms (one percent false-positive), where the explanations provided for each detection reveal relevant properties of the detected malware.

"To the best of our knowledge, DREBIN is the first method which provides effective and explainable detection of Android malware directly on smartphone devices."

On five modern Android phones the app took about 10 seconds to analyse an application, making it suitable for screening downloaded apps on the device. Older phones took about 20 seconds per scan, while on a 2.26GHz Core Duo desktop with 4GB of RAM the tool could scan a whopping 100,000 apps a day.

Dynamically loaded and obfuscated malware – the bane of anti-malware offerings – could still give DREBIN the slip, the authors concede.

Its reliance on static analysis was another limitation: code that detected malware retrieves only at run-time remains inaccessible to the tool. The authors flagged this as an area for future research.

However, its combination of static analysis and machine learning remained effective in making compromise more expensive for attackers by forcing them to hide their malware better. It could also detect efforts by VXers to repack malware or insert junk data.

DREBIN gathered information from a target app's code and manifest, organised it into strings such as requested permissions and API calls, and embedded these in a joint vector space.

"As an example, an application sending premium SMS messages is cast to a specific region in the vector space associated with the corresponding permissions, intents and API calls," the researchers wrote. "This geometric representation enables DREBIN to identify combinations and patterns of features indicative for malware automatically using machine learning techniques."
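To make the "joint vector space" idea concrete, the toy below is an added example written for this article, not DREBIN's own code. It embeds each app's extracted feature sets (permission, API call, intent filter, network address strings) as one sparse binary vector, trains a linear SVM on a handful of constructed sample apps with Pegasos subgradient updates, and then explains each verdict by ranking the features of that app by their learned weight, which is how a linear model yields the "relevant properties" the paper refers to. The sample apps, their feature strings and the hostnames are all constructed for illustration.

```python
"""Toy DREBIN-style embedding, linear SVM and per-app explanation.

Added example for this article; not DREBIN's code. All apps below are
constructed samples, not real applications.
"""
from collections import defaultdict

MALWARE, BENIGN = 1, -1

# Constructed feature sets, category -> set of strings, as a static
# extractor would pull them from the manifest and the dex code.
SAMPLE_APPS = [
    ("notes_app", BENIGN, {
        "permission": {"INTERNET", "WRITE_EXTERNAL_STORAGE"},
        "api_call": {"java/io/File;->createNewFile"},
        "intent": {"android.intent.action.MAIN"}, "network": set()}),
    ("weather_app", BENIGN, {
        "permission": {"INTERNET", "ACCESS_FINE_LOCATION"},
        "api_call": {"java/net/HttpURLConnection;->connect"},
        "intent": {"android.intent.action.MAIN"},
        "network": {"api.example-weather.invalid"}}),
    ("flashlight_app", BENIGN, {
        "permission": {"CAMERA"},
        "api_call": {"android/hardware/Camera;->open"},
        "intent": {"android.intent.action.MAIN"}, "network": set()}),
    ("sms_trojan", MALWARE, {
        "permission": {"INTERNET", "SEND_SMS", "RECEIVE_BOOT_COMPLETED"},
        "api_call": {"android/telephony/SmsManager;->sendTextMessage"},
        "intent": {"android.intent.action.BOOT_COMPLETED"},
        "network": {"c2.example-bad.invalid"}}),
    ("premium_dialer", MALWARE, {
        "permission": {"SEND_SMS", "READ_PHONE_STATE"},
        "api_call": {"android/telephony/SmsManager;->sendTextMessage",
                     "android/telephony/TelephonyManager;->getDeviceId"},
        "intent": {"android.intent.action.MAIN"}, "network": set()}),
    ("spyware", MALWARE, {
        "permission": {"INTERNET", "RECEIVE_BOOT_COMPLETED", "READ_CONTACTS"},
        "api_call": {"java/net/HttpURLConnection;->connect",
                     "android/telephony/TelephonyManager;->getDeviceId"},
        "intent": {"android.intent.action.BOOT_COMPLETED"},
        "network": {"c2.example-bad.invalid"}}),
]

# A constructed app the model never saw, used to show generalisation.
UNSEEN_SMS_SENDER = {
    "permission": {"INTERNET", "SEND_SMS", "RECEIVE_BOOT_COMPLETED"},
    "api_call": {"android/telephony/SmsManager;->sendTextMessage"},
    "intent": {"android.intent.action.MAIN"}, "network": set()}


def embed(features):
    """Flatten category/value pairs into the joint set of feature strings.

    Each string is one dimension of the vector space; an app's vector has a
    1 in every dimension it contains, so a set of strings is the sparse vector.
    """
    return {f"{cat}::{val}" for cat, vals in features.items() for val in vals}


def train_linear_svm(apps, lam=0.05, epochs=300):
    """Pegasos subgradient training of a linear SVM with sparse dict weights."""
    w, avg, t = defaultdict(float), defaultdict(float), 0
    for epoch in range(epochs):
        for _, label, features in apps:
            t += 1
            eta = 1.0 / (lam * t)
            x = embed(features)
            margin = label * sum(w.get(f, 0.0) for f in x)
            for f in list(w):            # regularisation shrink step
                w[f] *= 1.0 - eta * lam
            if margin < 1.0:             # hinge-loss violator: move towards it
                for f in x:
                    w[f] += eta * label
            if epoch == epochs - 1:      # average the last epoch's iterates
                for f, v in w.items():
                    avg[f] += v / len(apps)
    return dict(avg)


def score(w, features):
    return sum(w.get(f, 0.0) for f in embed(features))


def classify(w, features):
    return MALWARE if score(w, features) > 0 else BENIGN


def explain(w, features, top=3):
    """Rank the app's own features by their contribution to the score."""
    contrib = {f: w.get(f, 0.0) for f in embed(features)}
    return sorted(contrib.items(), key=lambda kv: kv[1], reverse=True)[:top]


def evaluate(w, apps):
    """Return (detection rate, false-positive rate) over a labelled set."""
    mal = [a for a in apps if a[1] == MALWARE]
    ben = [a for a in apps if a[1] == BENIGN]
    tp = sum(classify(w, a[2]) == MALWARE for a in mal)
    fp = sum(classify(w, a[2]) == MALWARE for a in ben)
    return tp / len(mal), fp / len(ben)


W = train_linear_svm(SAMPLE_APPS)

if __name__ == "__main__":
    for name, _, feats in SAMPLE_APPS:
        print(name, classify(W, feats), explain(W, feats))
    print("unseen:", classify(W, UNSEEN_SMS_SENDER), explain(W, UNSEEN_SMS_SENDER))
    print("detection rate, FP rate:", evaluate(W, SAMPLE_APPS))
```

The explanation step is what makes a linear model attractive here: because the score is a plain weighted sum over the app's own feature strings, the top-weighted entries for a flagged app read directly as "this app was flagged because it requests SEND_SMS and calls sendTextMessage", with no separate interpretation model. A real deployment would calibrate the decision threshold on a held-out set to hit a target false-positive rate rather than using zero as the cut-off.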

Various platforms had been proposed to help save users who blindly OK app permissions from themselves. Existing systems such as TaintDroid, DroidRanger and RiskRanker were effective, but relied on manually crafted detection patterns that would miss some new malware and could carry a large performance cost on the device.

Rival antivirus tools running at a one per cent false-positive rate detected between 10 and 50 per cent of malware, while DREBIN found 94 per cent. The researchers put its additional detection capability down in part to its ability to monitor requested permissions, suspicious API calls, intent filters and network addresses. ®


Biting the hand that feeds IT © 1998–2022