The increasing popularity of smartphones has made them a target for malware. In this talk, I will introduce both defense against mobile malware and attacks that break existing malware detection. In the first half of my talk, I will introduce a malware detection approach, namely AppContext, a static program analysis approach that extracts the contexts of security-sensitive behaviors to assist app analysis in differentiating between malicious and benign behaviors.
In the second half of the talk, I will present attacks that break existing malware detection. Specifically, I will introduce Malware Recomposition Variation (MRV), an approach that conducts semantic analysis of existing malware to systematically construct new malware variants for malware detectors to test and strengthen their detection signatures/models. In particular, we use two variation strategies (i.e., malware evolution attack and malware confusion attack) following structures of existing malware to enhance the feasibility of the attacks. Given the malware, we conduct semantic-feature mutation analysis and phylogenetic analysis to synthesize mutation strategies. Based on these strategies, we perform program transplantation to automatically mutate malware bytecode to generate new malware variants.