Impact of Code Obfuscation on Android Malware Detection based on Static and Dynamic Analysis

posted Nov 22, 2017, 8:43 AM by Eric Medvet   [ updated Nov 22, 2017, 8:43 AM ]
  • International Conference on Information Systems Security and Privacy (ICISSP), 2018, Madeira (Portugal), to appear
  • Alessandro Bacci, Alberto Bartoli, Fabio Martinelli, Eric Medvet, Francesco Mercaldo, Corrado Aaron Visaggio
The huge diffusion of malware in mobile platform is plaguing users. New malware proliferates at a very fast pace: as a matter of fact, to evade the signature-based mechanism implemented in current antimalware, the application of trivial obfuscation techniques to existing malware is sufficient. In this paper, we show how the application of several morphing techniques affects the effectiveness of two widespread malware detection approaches based on Machine Learning coupled respectively with static and dynamic analysis. We demonstrate experimentally that dynamic analysis-based detection performs equally well in evaluating obfuscated and non-obfuscated malware. On the other hand, static analysis-based detection is more accurate on non-obfuscated samples but is greatly negatively affected by obfuscation: however, we also show that this effect can be mitigated by using obfuscated samples also in the learning phase.