Abstract—Software engineering researchers have largely demonstrated that newer versions of software make use of previous versions. No exception to this rule for the so-called malicious software, that frequently evolves in order to evade the detection by antimalware. As matter of fact, mobile malicious programs, such as trojans, are frequently related to previous malware through evolutionary relationships. Discovering those relationships and constructing a phylogenetic model is expected to be helpful for analyzing new malware and for establishing a principled naming scheme. In this paper we propose a model checking based method to infer mobile malware phylogenetic trees. We demonstrate, implementing our approach in the droid- Sapiens tool, that mobile malware families come from an ancestor and they influence own descendant, basing on the payload that they exhibit.
Model Checking for Mobile Android Malware Evolution
VAGLINI, GIGLIOLA
2017-01-01
Abstract
Abstract—Software engineering researchers have largely demonstrated that newer versions of software make use of previous versions. No exception to this rule for the so-called malicious software, that frequently evolves in order to evade the detection by antimalware. As matter of fact, mobile malicious programs, such as trojans, are frequently related to previous malware through evolutionary relationships. Discovering those relationships and constructing a phylogenetic model is expected to be helpful for analyzing new malware and for establishing a principled naming scheme. In this paper we propose a model checking based method to infer mobile malware phylogenetic trees. We demonstrate, implementing our approach in the droid- Sapiens tool, that mobile malware families come from an ancestor and they influence own descendant, basing on the payload that they exhibit.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
