Welcome to email: mengguozhu[AT]iie.ac.cn for further information.
We create this website for the paper "Mystique: Evolving Android Malware for Auditing Anti-Malware Tools". Due to the space constraints, we cannot put all materials into the paper, and thereby put them here instead. In this website, readers are expected to see a brief description of the paper; the supplementary contents which are omitted in the paper; and other interesting thoughts or experiments which are not talked in the paper.
1. Supplementary contents which are omitted in the paper.
Full details of the feature model of Android malware can be found at Feature Selection >> Feature Model of Android Malware. We provide several files recording all kinds of features for further inspection.
Full details of BNF of BDL can be found at Construction of Malicious Behavior.
The script to simulate all triggers (mentioned in Section 7.1 Defense in the paper) is presented at Evaluation.
We list all 18 cases which can be detected by AVs in Table 3 of Auditing of AMTs (Mentioned in the first hypothesis in Section 7.3 of the paper).
We provide a detailed description of evolved malware during the controlled experiment (Section 7.4.2 in paper). Please refer to Representative Malware and Usefulness of Mystique.
We provide screenshots (Fig. 2, 3, 4) to show that our uploaded apps (in Android markets) have collected some information (We already remove apps from shelves to avoid further damages to users). Please refer to the fourth hypothesis in Auditing of AMTs.
2. Other interesting thoughts or experiments which are not talked in the paper.
We compare the Mystique benchmark with state-of-the-art benchmark, DroidBench in Benchmark Comparison.
Performance measure shows the runtime of Mystique.
We provide video demos to show the process of malware generation and service of AMTs at Tool Demo.