500 Word Summary

To: Professor Ellis

From: Jun Gao

Date: Oct 1, 2021

Subject: 500-Word Summary of DroidMorph

Topic/Major: CST, Cyber Security & Networking

There has been a rise in the number of Android malware variants, and new and improved methods are needed to combat this malware. A new tool called DroidMorph has been developed to address this. Multiple reports have stated that Android devices are still the main target of malware attacks, with existing malware being cloned into new variants, and there is a lot of data to support that claim. Malware creators use stealthy mutations to make clones of their malware.

To combat malware clones, we need to study how they are generated. DroidMorph is an Android APK morphing tool, which can be used to create clones of Android malware applications. It turns out that even top-of-the-line anti-malware programs are susceptible to these transformations. The authors tested 10 anti-malware programs, and repeated transformations were used to fool them. During the tests, it was discovered that AntiY AVL, one of the anti-malware programs, performed better than the others.

Protsenko et al. tested data and object-oriented design obfuscations against the top 10 anti-malware programs and found inadequacies in all of them. These four examples of anti-malware testing proved that all of them have some deficiencies, and it is time to introduce the tool DroidMorph. DroidMorph is implemented on the Soot Framework, which is an improvement over the old implementations. DroidMorph provides support for analysis, modification, and generation of Android bytecode, and it provides morphing of APKs at different levels of abstraction. The figure shows the architectural design of DroidMorph.

The current design of DroidMorph has three levels of abstraction when it comes to morphing: class, method, and body. The authors conducted a study to analyze the effectiveness of DroidMorph. The dataset has 848 Android malware programs, which were collected from two different sources. Table 1 shows the distribution of the malware samples. The table shows the number of variants generated for each level of abstraction. Table 3 shows the detection results of the 17 commercial anti-malware programs tested with 1771 variants of 7 malware families generated by DroidMorph.
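To make the three morphing levels concrete from a detection standpoint, here is an added toy example (my own illustration, not code from the DroidMorph paper or the Soot framework). It models an APK as a constructed dictionary of classes, methods, and pseudo-Dalvik instruction bodies, applies a class-level rename, a method-level rename, and a body-level padding morph, and then compares two signature schemes: an exact hash of the app, which any morph breaks, and a name-agnostic structural fingerprint built from opcode sequences, which survives all three. The instruction format, the morphs, and the `SAMPLE_APP` contents are all assumptions made for the illustration.

```python
import hashlib
import json
from copy import deepcopy

# Constructed toy representation of an APK: class name -> method name -> body,
# where a body is a list of pseudo-Dalvik instructions ("opcode operand ...").
SAMPLE_APP = {
    "com/example/Payload": {
        "sendSms": [
            'const-string v0 "premium-number"',
            "invoke-static Lcom/example/Net;->send(Ljava/lang/String;)V",
            "return-void",
        ],
        "start": ["invoke-direct Lcom/example/Payload;->sendSms()V", "return-void"],
    },
    "com/example/MainActivity": {
        "onCreate": ["invoke-direct Lcom/example/Payload;->start()V", "return-void"],
    },
}


def _rewrite(instruction, mapping):
    """Apply every old->new substring substitution in mapping to one instruction."""
    for old, new in mapping.items():
        instruction = instruction.replace(old, new)
    return instruction


# --- Three morphing levels, mirroring the class / method / body split ---

def morph_class_level(app, suffix="Alt"):
    """Class level: rename every class and every reference to it (assumed morph)."""
    refs = {f"L{name};": f"L{name}{suffix};" for name in app}
    return {
        cls + suffix: {m: [_rewrite(ins, refs) for ins in body] for m, body in methods.items()}
        for cls, methods in app.items()
    }


def morph_method_level(app, suffix="_v2"):
    """Method level: rename every method and every call site (assumed morph)."""
    refs = {f"->{m}(": f"->{m}{suffix}(" for methods in app.values() for m in methods}
    return {
        cls: {m + suffix: [_rewrite(ins, refs) for ins in body] for m, body in methods.items()}
        for cls, methods in app.items()
    }


def morph_body_level(app):
    """Body level: pad each method body with no-op instructions (assumed morph)."""
    out = deepcopy(app)
    for methods in out.values():
        for m, body in methods.items():
            methods[m] = ["nop"] + body[:-1] + ["nop"] + body[-1:]
    return out


def generate_variants(app):
    """One variant per level, plus all three levels combined."""
    return [
        morph_class_level(app),
        morph_method_level(app),
        morph_body_level(app),
        morph_body_level(morph_method_level(morph_class_level(app))),
    ]


# --- Two detection schemes ---

def exact_signature(app):
    """Naive signature: hash of the serialized app. Any edit changes it."""
    return hashlib.sha256(json.dumps(app, sort_keys=True).encode()).hexdigest()


def structural_signature(app):
    """Name-agnostic signature: per-method opcode sequences with identifiers
    and padding removed, combined in an order-independent way."""
    shapes = []
    for methods in app.values():
        for body in methods.values():
            opcodes = [ins.split()[0] for ins in body if ins.split()[0] != "nop"]
            shapes.append(" ".join(opcodes))
    return hashlib.sha256("|".join(sorted(shapes)).encode()).hexdigest()


def matches(signature_fn, known, candidate):
    return signature_fn(known) == signature_fn(candidate)


def evaluate(known, variants):
    """Count how many variants each scheme still links to the known sample."""
    return {
        "exact": sum(matches(exact_signature, known, v) for v in variants),
        "structural": sum(matches(structural_signature, known, v) for v in variants),
    }


if __name__ == "__main__":
    print(evaluate(SAMPLE_APP, generate_variants(SAMPLE_APP)))  # {'exact': 0, 'structural': 4}
```

The point for a defender is the gap between the two counters: a signature keyed on names or whole-file hashes is defeated by every level of morphing, whereas a signature keyed on what the code does (here, a crude opcode-shape fingerprint) still links all four variants back to the original. Real engines need far more robust normalization than this toy, but the same principle explains why the paper's morphed variants slipped past so many of the tested products.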

Results show that 8 out of 17 anti-malware programs could not detect any of the morphed APKs. The end results show that DroidMorph was successful in bypassing the detection of multiple anti-malware programs, and its variants proved significantly harder to detect than many anti-malware programs could handle.

DroidMorph, and the research into developing and improving the program, is still a work in progress. With DroidMorph's ability to morph different malware into different clones, the developers hope that it will be used in the future for research on new malware and its clones. Many more improvements and updates will be made to DroidMorph in the future, hopefully making it the industry standard for fighting malware and its clones.

Reference

S. Alam, M. Z. ul Abideen and S. Saleem, “DroidMorph: Are We Ready to Stop the Attack of Android Malware Clones?,” 2018 2nd International Symposium on Multidisciplinary Studies and Innovative Technologies (ISMSIT), 2018, pp. 1-4, doi: 10.1109/ISMSIT.2018.8567059.
