Detection of Obfuscation Techniques in Android Applications

posted Jun 11, 2018, 1:17 AM by Eric Medvet   [ updated Jun 18, 2018, 3:36 AM ]
  • 7th International Workshop on Security of Mobile Applications (IWSMA), 2018, Hamburg (Germany), to appear
  • Alessandro Bacci, Alberto Bartoli, Fabio Martinelli, Eric Medvet, Francesco Mercaldo
Current signature detection mechanisms can be easily evaded by malware writers by applying obfuscation techniques. Employing morphing code techniques, attackers are able to generate several variants of one malicious sample, making the corresponding signature obsolete. Considering that the signature definition is a laborious process manually performed by security analysts, in this paper we propose a method, exploiting static analysis and Machine Learning classification algorithms, to identify whether a mobile application is modified by means of one or more morphing techniques. We perform experiments on a real-world dataset of Android applications (morphed and original), obtaining encouraging results in the obfuscation technique(s) identification.
Eric Medvet,
Jun 11, 2018, 1:18 AM