CORDIS - EU research results

Evasion-aware Detection Sandbox

Periodic Reporting for period 1 - EVADES (Evasion-aware Detection Sandbox)

Reporting period: 2024-03-01 to 2025-08-31

Mobile malware is getting harder and harder to detect and malicious apps regularly appear on the official Play Store, despite the considerable effort Google and the security industry put into early detection and validation of each application.

To mitigate this problem, the goal of EVADES is to combine a number of novel techniques developed as part of the ERC BitCrumbs project into the first evasion-resilient, scalable, and maintainable sandbox to analyze Android applications.
Our current prototype outperforms all open-source and commercial competitors, showing a significant technological advantage over the current market.
We have already performed preliminary experiments, and the results are as worrisome for users as they are encouraging as justification for a business idea.
In fact, 70% of the Android malware we tested with our technology implemented some form of evasion targeting existing malware analysis tools.
This shows that the data we are using today to decide whether applications are benign or malicious is completely unreliable.

The EVADES project will focus on transforming our prototype into production software, developing the missing components required to produce an MVP, and exploring different ways we could sell and monetize our technology.
We developed the first MVP of the product, which included the following activities:
- We completed all server-side development
- We built the cloud deployment, database, APIs
- We developed the web interface for the product
- We developed an array of novel features, such as a unique cleartext PCAP export (containing deciphered SSL traffic) and a Yara module to write signatures based on our reports.
- We tested and integrated all components
- We developed an ML classifier to assign a maliciousness score

We conducted a market analysis of competitors and of possible clients.