BLACK BOX ANALYSIS USING CODE OBFUSCATION TECHNIQUES ON ANDROID MALWARE DETECTORS
Undergraduate Thesis
Submitted in Partial Fulfilment of the Requirements for the Degree of Bachelor of Informatics, Universitas Muhammadiyah Malang
Ridhi Pratomo Pramudana (201610370311141)
Networking
INFORMATICS STUDY PROGRAM, FACULTY OF ENGINEERING
UNIVERSITAS MUHAMMADIYAH MALANG
2022
APPROVAL SHEET
BLACK BOX ANALYSIS USING CODE OBFUSCATION TECHNIQUES ON ANDROID MALWARE DETECTORS
Ridhi Pratomo Pramudana (201610370311141)
Has Been Recommended for Submission as a Final Project Title in the
Informatics Study Program, Universitas Muhammadiyah Malang
Approved, Malang, 06/01/2022
Supervisor II
Vinna Rahmayanti, SN, S.Si, M.Si NIP. 180306071990
Supervisor I
Denar Regata Akbi, S.Kom, M.Kom NIP. 108.1612.0591
DECLARATION SHEET
CERTIFICATION SHEET
DEDICATION
Praise be to Allah SWT for His grace and blessings, which enabled the author to complete this Final Project. Many people were involved in the writing of this Final Project, and on this occasion the author therefore thanks everyone involved, in particular:
1. All of the author's family, especially both parents, for the great love and sincerity they have given the author.
2. Mr. Denar Regata Akbi, S.Kom, M.Kom and Mrs. Vinna Rahmayanti, SN, S.Si, M.Si, as supervisors who were very kind and patient and who shared a great deal of useful knowledge.
3. All lecturers and staff of the Informatics Study Program at Universitas Muhammadiyah Malang, who shared their knowledge and insight with the author throughout his studies.
4. All of the author's close friends: Muchammad Yusuf Iwang Pradana, Muhammad Fuad Wiguna, Aldy Ubaidilbarr Elfurqon, Septian Rio, Taruna Balong Islami, Andi Achmad, Amril Haq, Maulana Al Ichsan. Thank you for being good friends; may our bonds remain strong.
5. All classmates of Informatics class C, cohort of 2016. Thank you for being good friends; may our bonds remain strong.
PREFACE
بِسْمِ اللَّهِ الرَّحْمَنِ الرَّحِيمِ
With praise and gratitude to Allah SWT for the abundance of His grace and guidance, the author has been able to complete the final project entitled "BLACK BOX ANALYSIS USING CODE OBFUSCATION TECHNIQUES ON ANDROID MALWARE DETECTORS".
This work presents the main topics covered: the background, theoretical basis, research method, and the results and discussion obtained by the author. This final project is one of the requirements that every student of Universitas Muhammadiyah Malang must complete in order to finish their studies at the undergraduate (Strata I) level.
The author is fully aware that this final project still has many shortcomings and limitations. The author therefore welcomes constructive suggestions so that this work may contribute to the development of science and knowledge.
Malang, 20 January 2022
Ridhi Pratomo Pramudana
TABLE OF CONTENTS
APPROVAL SHEET ... i
DECLARATION SHEET ... ii
CERTIFICATION SHEET ... iii
ABSTRAK ... iv
ABSTRACT ... v
DEDICATION ... vi
PREFACE ... vii
TABLE OF CONTENTS ... viii
LIST OF FIGURES ... x
LIST OF TABLES ... xi
CHAPTER I ... 1
1.1. Background ... 1
1.2. Problem Statement ... 4
1.3. Research Objectives ... 4
1.4. Scope of the Problem ... 4
CHAPTER II ... 5
2.1. Malware ... 5
2.2. Android Malware ... 6
2.3. Malware Analysis ... 7
2.4. Obfuscation ... 7
2.5. Obfuscapk ... 8
2.6. False Positives (FP) and False Negatives (FN) ... 12
2.7. VirusTotal ... 12
CHAPTER III ... 14
3.1. Research Design ... 14
3.2. System Requirements Analysis ... 15
3.3. Implementation and Testing Scheme ... 17
3.3.1. Malware Family Dataset Collection ... 19
3.3.2. Data Preprocessing ... 19
3.3.3. Data Processing ... 23
3.3.4. Testing Using VirusTotal ... 24
3.3.5. Evaluation of the VirusTotal Test Results ... 25
CHAPTER IV ... 27
4.1. Implementation ... 27
4.1.1. Malware Samples ... 27
4.1.2. Malware Detectors ... 28
4.1.3. Obfuscation ... 29
4.2. Test Results ... 31
4.2.1. BankBot ... 32
4.2.2. CopyCat ... 33
4.2.3. FakeBank ... 34
4.2.4. Gazon ... 35
4.2.5. Judy ... 36
4.2.6. Godless ... 37
4.2.7. HummingBad ... 38
4.2.8. RedDrop ... 39
4.2.9. SocialPath ... 40
4.2.10. TubeMate ... 41
4.2.11. Xbot ... 42
4.2.12. Xiny ... 43
4.3. Analysis of Test Results ... 44
CHAPTER V ... 49
5.1. Conclusion ... 49
5.2. Suggestions ... 50
References ... 51
LIST OF FIGURES
Figure 2.1 Interface of the Obfuscapk tool ... 8
Figure 3.1 Research design ... 14
Figure 3.2 Implementation and testing scheme ... 18
Figure 4.1 VirusTotal detection results for all malware samples without obfuscation ... 28
Figure 4.2 Test results for the BankBot malware sample ... 32
Figure 4.3 Test results for the CopyCat malware sample ... 33
Figure 4.4 Test results for the FakeBank malware sample ... 34
Figure 4.5 Test results for the Gazon malware sample ... 35
Figure 4.6 Test results for the Judy malware sample ... 36
Figure 4.7 Test results for the Godless malware sample ... 37
Figure 4.8 Test results for the HummingBad malware sample ... 38
Figure 4.9 Test results for the RedDrop malware sample ... 39
Figure 4.10 Test results for the SocialPath malware sample ... 40
Figure 4.11 Test results for the TubeMate malware sample ... 41
Figure 4.12 Test results for the Xbot malware sample ... 42
Figure 4.13 Test results for the Xiny malware sample ... 43
Figure 4.14 Detection results across all malware detectors ... 45
Figure 4.15 Detection results across all obfuscator categories ... 46
Figure 4.16 Detection results across all malware samples ... 47
LIST OF TABLES
Table 3.1 Hardware requirements ... 16
Table 3.2 Software requirements ... 16
Table 3.3 Obfuscapk obfuscators ... 23
Table 4.1 Top 12 malware detectors ... 29
Table 4.2 Implemented Obfuscapk obfuscators ... 30