Publication:
ANDRODET: An adaptive Android obfuscation detector

Loading...
Thumbnail Image
Identifiers
Publication date
2019-01-01
Defense date
Advisors
Tutors
Journal Title
Journal ISSN
Volume Title
Publisher
Elsevier
Impact
Google Scholar
Export
Research Projects
Organizational Units
Journal Issue
Abstract
Obfuscation techniques modify an app's source (or machine) code in order to make it more difficult to analyze. This is typically applied to protect intellectual property in benign apps, or to hinder the process of extracting actionable information in the case malware. Since malware analysis often requires considerable resource investment, detecting the particular obfuscation technique used may contribute to apply the right analysis tools, thus leading to some savings. In this paper, we propose ANDRODET, a mechanism to detect three popular types of obfuscation in Android applications, namely identifier renaming, string encryption, and control flow obfuscation. ANDRODET leverages online learning techniques, thus being suitable for resource-limited environments that need to operate in a continuous manner. We compare our results with a batch learning algorithm using a dataset of 34,962 apps from both malware and benign apps. Experimental results show that online learning approaches are not only able to compete with batch learning methods in terms of accuracy, but they also save significant amount of time and computational resources. Particularly, ANDRODET achieves an accuracy of 92.02% for identifier renaming detection, 81.41% for string encryption detection, and 68.32% for control flow obfuscation detection, on average. Also, the overall accuracy of the system when apps might be obfuscated with more than one technique is around 80.66%. (C) 2018 The Authors. Published by Elsevier B.V.
Description
Keywords
obfuscation detection, android, machine learning, malware
Bibliographic citation
Mirzaei, O., Fuentes, J.M., Tapiador, J. González- Manzano, L. (2019). AndrODet: An adaptive Android obfuscation detector. Future Generation Computer Systems, 90, pp. 240-261. https://doi.org/10.1016/j.future.2018.07.066