The DARPA (Defense Advanced Research Projects Agency) blue team, backed by Iowa State University researchers, is developing a tool to help with Android malware analysis.
The features used by the blue team include “smells”, stronger heuristics that indicate whether any trace of malware exists. Benjamin Holland, Tom Deering, and Suresh Kothari are in charge of producing the platform, which will be presented at ICSE next month.
The idea of creating such a platform emerged at last year’s conference, where it was said:
“We have to go through (USAF Colonel) John Boyd’s OODA loop of observe, orient, decide and act several times throughout an audit — the key point is that the Security Toolbox helps us iterate through that loop faster which is what determines success,”
In their paper, “Security Toolbox for Detecting Novel and Sophisticated Android Malware,” the experts describe the approach as follows:
“Our novel human-in-loop approach to detect Android malware minimizes human effort by allowing the human to use the evidence produced by the machine to focus their effort on further machine-assisted reasoning. This affords greater opportunity to detect malware that is not on the radar of an automated analyzer; the what-if experimentation capability provided by the machine enables the user to posit attacker’s intentions, hypothesize about the attacker’s modus operandi and tailor queries to detect sophisticated malware. Thus, our approach increases automation, reduces human effort and error, and provides valuable machine assistance to detect novel and sophisticated malware.”
In their tests, the team correctly detected 66 malicious Android apps created by DARPA’s red team, an impressive 85.7% detection rate that beats the top tools on the market today.
Another goal in creating this tool was to reduce the human effort in malware detection. For me especially, this is great news, since I work in the field, and these tasks are sometimes time-consuming and the malware difficult to detect. This solution can surely be a step forward and a time saver.
About the Author: Elsio Pinto
(Security Affairs – DARPA, Android)