Project description
New sandbox to revolutionise the Android security market
Mobile malware is challenging to identify, despite efforts by Google and the security industry to detect and validate each application. Malicious apps continue to emerge on the official Play Store, highlighting the unreliability of current data used to determine an application’s safety. The ERC-funded EVADES project aims to revolutionise the Android security market by combining novel techniques to create a scalable, maintainable and evasion-resilient sandbox for analysing Android applications. The current prototype surpasses all competitors and holds a significant technological advantage. The project is now concentrating on developing client-side components and exploring methods to monetise the technology.
Objective
Mobile malware is getting harder and harder to detect.
This is one of the reasons why malicious apps regularly appear on the official Play Store, despite the considerable effort Google and the security industry put into early detection and validation of each application.
To mitigate this problem, EVADES aims to combine a number of novel techniques developed as part of the ERC BitCrumbs project into the first evasion-resilient, scalable, and maintainable sandbox to analyze Android applications.
Our current prototype outperforms all open-source and commercial competitors, showing a significant technological advantage over the current market.
We already performed preliminary experiments and the results we obtained are as worrisome for users as they are encouraging to justify a business idea.
In fact, 70% of the Android malware we tested with our technology implemented some form of evasion targeting existing malware analysis tools.
This shows that the data we are using today to decide whether applications are benign or malicious is completely unreliable.
The EVADES project will focus on transforming our prototype server-side component into production software, developing the missing client-side components required to produce an MVP, and exploring different ways we could sell and monetize our technology.
We are certain that our solution has the potential to revolutionize the Android security market by providing a more accurate and scalable way to collect information about the behavior of applications.
This is paramount for any mobile security solution, as well as for existing and future machine learning-based approaches that today struggle to use the unreliable information provided by existing dynamic analysis systems.
Fields of science (EuroSciVoc)
CORDIS classifies projects with EuroSciVoc, a multilingual taxonomy of fields of science, through a semi-automatic process based on NLP techniques. See: The European Science Vocabulary.
CORDIS classifies projects with EuroSciVoc, a multilingual taxonomy of fields of science, through a semi-automatic process based on NLP techniques. See: The European Science Vocabulary.
- natural sciences computer and information sciences software
- natural sciences computer and information sciences computer security malicious software
You need to log in or register to use this function
We are sorry... an unexpected error occurred during execution.
You need to be authenticated. Your session might have expired.
Thank you for your feedback. You will soon receive an email to confirm the submission. If you have selected to be notified about the reporting status, you will also be contacted when the reporting status will change.
Programme(s)
Multi-annual funding programmes that define the EU’s priorities for research and innovation.
Multi-annual funding programmes that define the EU’s priorities for research and innovation.
-
HORIZON.1.1 - European Research Council (ERC)
MAIN PROGRAMME
See all projects funded under this programme
Topic(s)
Calls for proposals are divided into topics. A topic defines a specific subject or area for which applicants can submit proposals. The description of a topic comprises its specific scope and the expected impact of the funded project.
Calls for proposals are divided into topics. A topic defines a specific subject or area for which applicants can submit proposals. The description of a topic comprises its specific scope and the expected impact of the funded project.
Funding Scheme
Funding scheme (or “Type of Action”) inside a programme with common features. It specifies: the scope of what is funded; the reimbursement rate; specific evaluation criteria to qualify for funding; and the use of simplified forms of costs like lump sums.
Funding scheme (or “Type of Action”) inside a programme with common features. It specifies: the scope of what is funded; the reimbursement rate; specific evaluation criteria to qualify for funding; and the use of simplified forms of costs like lump sums.
HORIZON-ERC-POC - HORIZON ERC Proof of Concept Grants
See all projects funded under this funding scheme
Call for proposal
Procedure for inviting applicants to submit project proposals, with the aim of receiving EU funding.
Procedure for inviting applicants to submit project proposals, with the aim of receiving EU funding.
(opens in new window) ERC-2023-POC
See all projects funded under this callHost institution
Net EU financial contribution. The sum of money that the participant receives, deducted by the EU contribution to its linked third party. It considers the distribution of the EU financial contribution between direct beneficiaries of the project and other types of participants, like third-party participants.
06410 BIOT
France
The total costs incurred by this organisation to participate in the project, including direct and indirect costs. This amount is a subset of the overall project budget.