ANDRODET: An adaptive Android obfuscation detector

e-Archivo Repository

Show simple item record Mirzaei, Omid Fuentes García-Romero de Tejada, José María de Estévez Tapiador, Juan Manuel González Manzano, Lorena 2021-12-15T15:14:06Z 2021-12-15T15:14:06Z 2019-01-01
dc.identifier.bibliographicCitation Mirzaei, O., Fuentes, J.M., Tapiador, J. González- Manzano, L. (2019). AndrODet: An adaptive Android obfuscation detector. Future Generation Computer Systems, 90, pp. 240-261.
dc.identifier.issn 0167-739X
dc.description.abstract Obfuscation techniques modify an app's source (or machine) code in order to make it more difficult to analyze. This is typically applied to protect intellectual property in benign apps, or to hinder the process of extracting actionable information in the case malware. Since malware analysis often requires considerable resource investment, detecting the particular obfuscation technique used may contribute to apply the right analysis tools, thus leading to some savings. In this paper, we propose ANDRODET, a mechanism to detect three popular types of obfuscation in Android applications, namely identifier renaming, string encryption, and control flow obfuscation. ANDRODET leverages online learning techniques, thus being suitable for resource-limited environments that need to operate in a continuous manner. We compare our results with a batch learning algorithm using a dataset of 34,962 apps from both malware and benign apps. Experimental results show that online learning approaches are not only able to compete with batch learning methods in terms of accuracy, but they also save significant amount of time and computational resources. Particularly, ANDRODET achieves an accuracy of 92.02% for identifier renaming detection, 81.41% for string encryption detection, and 68.32% for control flow obfuscation detection, on average. Also, the overall accuracy of the system when apps might be obfuscated with more than one technique is around 80.66%. (C) 2018 The Authors. Published by Elsevier B.V.
dc.description.sponsorship This work has been partially supported by MINECO grantTIN2016-79095-C2-2-R (SMOG-DEV) and CAM grant S2013/ICE-3095 (CIBERDINE), co-funded with European FEDER funds. Furthermore, it has been partially supported by the UC3M’sgrant Programa de Ayudas para la Movilidad
dc.language.iso eng
dc.publisher Elsevier
dc.rights © 2018 The Authors. Published by Elsevier B.V.
dc.rights Atribución-NoComercial-SinDerivadas 3.0 España
dc.subject.other obfuscation detection
dc.subject.other android
dc.subject.other machine learning
dc.subject.other malware
dc.title ANDRODET: An adaptive Android obfuscation detector
dc.type article
dc.subject.eciencia Informática
dc.rights.accessRights openAccess
dc.relation.projectID Comunidad de Madrid. S2013/ICE-3095
dc.relation.projectID Gobierno de España. TIN2016-79095-C2-2-R
dc.type.version publishedVersion
dc.identifier.publicationfirstpage 240
dc.identifier.publicationlastpage 261
dc.identifier.publicationtitle Future Generation Computer Systems-The International Journal of eScience
dc.identifier.publicationvolume 90
dc.identifier.uxxi AR/0000022235
dc.contributor.funder European Commission
dc.contributor.funder Ministerio de Economía y Competitividad (España)
dc.contributor.funder Universidad Carlos III de Madrid
dc.affiliation.dpto UC3M. Departamento de Informática
dc.affiliation.grupoinv UC3M. Grupo de Investigación: COSEC (Computer SECurity Lab)
 Find Full text

Files in this item

*Click on file's image for preview. (Embargoed files's preview is not supported)

The following license files are associated with this item:

This item appears in the following Collection(s)

Show simple item record