Authors: Daniele Albanese 1; Rosangela Casolare 2; Giovanni Ciaramella 1; Giacomo Iadarola 1; Fabio Martinelli 1; Francesco Mercaldo 1,2; Marco Russodivito 2 and Antonella Santone 2

Affiliations: 1 Istituto di Informatica e Telematica, Consiglio Nazionale delle Ricerche, Pisa, Italy; 2 University of Molise, Campobasso, Italy

Keyword(s): Security, Malware, Android, Reflection, Dynamic Compiling, Dynamic Loading, Steganography.

Abstract: Android is the most widely used mobile operating system in the world. Due to its popularity, it has become a target for attackers who are constantly working to develop aggressive malicious payloads aimed at stealing confidential and sensitive data from our mobile devices. Despite the security policies provided by the Android operating system, malicious applications continue to proliferate on official and third-party markets. Unfortunately, current anti-malware software is unable to detect so-called zero-day threats due to its signature-based approach. For this reason, it is necessary to develop methods aimed at enforcing Android security mechanisms. With this in mind, in this paper we highlight how a series of features available in current high-level programming languages, typically used for entirely legitimate purposes, can become a potential source of malicious payload injection if used in a given sequence. To demonstrate the effectiveness of this attack, we design a new malware model that takes advantage of several Android features inherited from the Java language, such as reflection, dynamic compilation, and dynamic loading, including steganographic techniques to hide the malicious payload code. We implement the proposed malware model in the Stegware Android application. In detail, the proposed malware model is based, on the app side, on the compilation and execution of Java code at runtime and, on the attacker side, on a software architecture capable of making the new malware model automatic and distributed. We evaluate the effectiveness of the proposed malware model by submitting it to 73 free and commercial antimalware products, and by demonstrating its ability to circumvent the security features of the Android operating system and current antimalware detection.

CC BY-NC-ND 4.0


Paper citation in several formats:
Albanese, D. ; Casolare, R. ; Ciaramella, G. ; Iadarola, G. ; Martinelli, F. ; Mercaldo, F. ; Russodivito, M. and Santone, A. (2023). StegWare: A Novel Malware Model Exploiting Payload Steganography and Dynamic Compilation. In Proceedings of the 9th International Conference on Information Systems Security and Privacy - ICISSP; ISBN 978-989-758-624-8; ISSN 2184-4356, SciTePress, pages 741-748. DOI: 10.5220/0011859000003405

@conference{icissp23,
author={Daniele Albanese and Rosangela Casolare and Giovanni Ciaramella and Giacomo Iadarola and Fabio Martinelli and Francesco Mercaldo and Marco Russodivito and Antonella Santone},
title={StegWare: A Novel Malware Model Exploiting Payload Steganography and Dynamic Compilation},
booktitle={Proceedings of the 9th International Conference on Information Systems Security and Privacy - ICISSP},
year={2023},
pages={741-748},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011859000003405},
isbn={978-989-758-624-8},
issn={2184-4356},
}

TY - CONF

JO - Proceedings of the 9th International Conference on Information Systems Security and Privacy - ICISSP
TI - StegWare: A Novel Malware Model Exploiting Payload Steganography and Dynamic Compilation
SN - 978-989-758-624-8
IS - 2184-4356
AU - Albanese, D.
AU - Casolare, R.
AU - Ciaramella, G.
AU - Iadarola, G.
AU - Martinelli, F.
AU - Mercaldo, F.
AU - Russodivito, M.
AU - Santone, A.
PY - 2023
SP - 741
EP - 748
DO - 10.5220/0011859000003405
PB - SciTePress