Impact of Code Obfuscation on Android Malware Detection based on Static and Dynamic Analysis

The huge diffusion of malware on mobile platforms is plaguing users. New malware proliferates at a very fast pace: as a matter of fact, applying trivial obfuscation techniques to existing malware is sufficient to evade the signature-based mechanisms implemented in current antimalware. In this paper, we show how the application of several morphing techniques affects the effectiveness of two widespread malware detection approaches based on Machine Learning, coupled respectively with static and dynamic analysis. We demonstrate experimentally that dynamic analysis-based detection performs equally well on obfuscated and non-obfuscated malware. Static analysis-based detection, on the other hand, is more accurate on non-obfuscated samples but is greatly degraded by obfuscation; however, we also show that this effect can be mitigated by including obfuscated samples in the learning phase.
