Android Malware Genome Project: Norton Detects Just 20 Percent Of Malware

By May 30, 2012


As smartphones have exploded in popularity, so too has mobile malware. But it’s not all bad news: Awareness of the threat is growing among experts, and some believe that a growing knowledge base could help tighten security on mobile platforms.

Researchers at North Carolina State are working to create a “genome” of malware in the Android ecosystem, categorized by installation methods, activation mechanisms and the nature of their malicious payloads. Since the project started, they’ve collected more than 1,200 malware samples, and have started using that menagerie to conduct experiments.

They tested four leading mobile anti-virus brands, and found that some were starkly more effective than others. Lookout and Trend Micro performed well, identifying nearly 80 percent of infections, with AVG trailing at 54.7 percent. The clear loser was Symantec’s Norton, which found just 20.0 percent of malware during the team’s trials.

Project leaders Yajin Zhou and Xuxian Jiang, both of North Carolina State’s computer science department, co-authored a May paper calling for broader research on mobile malware, which they believe will help the mobile security industry create more effective products. The duo didn’t mince words regarding the current state of the industry.

“The popularity and adoption of smartphones has greatly stimulated the spread of mobile malware, especially on the popular platforms such as Android. In light of their rapid growth, there is a pressing need to develop effective solutions. However, our defense capability is largely constrained by the limited understanding of these emerging mobile malware and the lack of timely access to related samples.”

That’s the void they want to see the project fill, creating a family tree of known malware on Android that can be used by industry researchers to test and develop anti-virus software.

“Given the rampant growth of Android malware, there is a pressing need to effectively mitigate or defend against them. However, without an insightful understanding of them, it is hard to imagine that an effective mitigation solution can be practically developed. To make matters worse, the research community at large is still constrained by the lack of a comprehensive mobile malware dataset to start with.”

The researchers are making their dataset available to students, faculty and industry security researchers, but are concerned that it could be misused if opened to the public.