
Mykolai Protsenko
Fraunhofer Institute for Applied and Integrated Security | AISEC · Secure Operating Systems
Doctor of Engineering
Publications: 17
Reads: 6,798
Citations: 293
Publications (17)
Code similarity measures create a comparison metric showing to what degree two code samples have the same functionality, e.g., to statically detect the use of known libraries in binary code. They are both an indispensable part of automated malware analysis, as well as a helper for the detection of plagiarism (IP protection) and the illegal use of o...
The most recent and prominent advances in industrial computing include the growing interconnectivity of cyber-physical devices, as well as the increasing variety of complex applications exchanging data across company domains. In this context, the data becomes a valuable business asset and a trade good. The Industrial Data Space is a platform design...
In the last few years, research has been motivated to provide a categorization and classification of security concerns accompanying the growing adaptation of Infrastructure as a Service (IaaS) clouds. Studies have been motivated by the risks, threats and vulnerabilities imposed by the components within the environment and have provided general clas...
Software piracy in general and repackaged apps with attached malware in particular pose serious threats for the Android ecosystem. In this paper, we present a cloud-compilation approach enabling sophisticated hardening of apps for non-rooted stock Android. Our design is based on off-device ahead-of-time compilation made possible by the Android Runt...
A wide adoption of obfuscation techniques by Android application developers, and especially malware authors, introduces a high degree of complication into the process of reverse engineering, analysis, and security evaluation of third-party and potentially harmful apps.
In this paper we present the early results of our research aiming to provide rel...
We investigate the problem of creating complex software obfuscation for mobile applications. We construct complex software obfuscation from sequentially applying simple software obfuscation methods. We define several desirable and undesirable properties of such transformations, including idempotency and monotonicity. We empirically evaluate a set o...
Due to the proliferation of cloud computing, cloud-based systems are becoming an increasingly attractive target for malware. In an Infrastructure-as-a-Service (IaaS) cloud, malware located in a customer’s virtual machine (VM) affects not only this customer, but may also attack the cloud infrastructure and other co-hosted customers directly. This pa...
Having about 80 % of the market share, Android is currently the clearly dominating platform for mobile devices. Application theft and repackaging remains a major threat and a cause of significant losses, affecting as much as 97 % of popular paid apps. The ease of decompilation and reverse engineering of high-level bytecode, in contrast to native bi...
With over one billion sold devices, representing 80% market share, Android remains the most popular platform for mobile devices. Application piracy on this platform is a major concern and a cause of significant losses: about 97% of the top 100 paid apps were found to be hacked in terms of repackaging or the distribution of clones. Therefore new and...
In the work at hand, we first demonstrate that Android malware can bypass current automated analysis systems, including AV solutions, mobile sandboxes, and the Google Bouncer. A tool called Sand-Finger allowed us to fingerprint Android-based analysis systems. By analyzing the fingerprints of ten unique analysis environments from different vendors,...
We experimentally compare the strength of different source code obfuscation techniques by measuring the performance of human analysts. We describe an experimental setup by which it is possible to compare different obfuscation techniques with each other. As techniques, we considered name overloading and opaque predicates, as well as the combination...
In this paper, we propose a new approach for the static detection of Android malware by means of machine learning that is based on software complexity metrics, such as McCabe’s Cyclomatic Complexity and the Chidamber and Kemerer Metrics Suite. The practical evaluation of our approach, involving 20,703 benign and 11,444 malicious apps, witnesses a h...
In this paper, we demonstrate that Android malware can bypass all automated analysis systems, including AV solutions, mobile sandboxes, and the Google Bouncer. We propose a tool called Sand-Finger for the fingerprinting of Android-based analysis systems. By analyzing the fingerprints of ten unique analysis environments from different vendors, we w...
Android, a Linux-based operating system, is currently the most popular platform for mobile devices like smart-phones and tablets. Recently, two closely related security threats have become a major concern of the research community: software piracy and malware. This paper studies the capabilities of code obfuscation for the purposes of plagiarized s...