Detection of Obfuscation Techniques in Android Applications

Current signature detection mechanisms can be easily evaded by malware writers by applying obfuscation techniques. Employing morphing code techniques, attackers are able to generate several variants of one malicious sample, making the corresponding signature obsolete. Considering that the signature definition is a laborious process manually performed by security analysts, in this paper we propose a method, exploiting static analysis and Machine Learning classification algorithms, to identify whether a mobile application is modified by means of one or more morphing techniques. We perform experiments on a real-world dataset of Android applications (morphed and original), obtaining encouraging results in the obfuscation technique(s) identification.

Detection of Obfuscation Techniques in Android Applications

Bacci, Alessandro;Bartoli, Alberto;Martinelli, Fabio;Medvet, Eric;Mercaldo, Francesco

2018-01-01

Abstract

Current signature detection mechanisms can be easily evaded by malware writers by applying obfuscation techniques. Employing morphing code techniques, attackers are able to generate several variants of one malicious sample, making the corresponding signature obsolete. Considering that the signature definition is a laborious process manually performed by security analysts, in this paper we propose a method, exploiting static analysis and Machine Learning classification algorithms, to identify whether a mobile application is modified by means of one or more morphing techniques. We perform experiments on a real-world dataset of Android applications (morphed and original), obtaining encouraging results in the obfuscation technique(s) identification.

Scheda breve

Scheda completa

	Anno
	
				2018
			
	ISBN
	
				9781450364485
			
	URL
	
				https://dl.acm.org/citation.cfm?id=3232823
			
	Appare nelle tipologie:
	
				4.1 Contributo in Atti Convegno (Proceeding)

File in questo prodotto:

File	Dimensione	Formato
2018-IWSMA-DetectionOfObfuscationTechnique (1).pdf accesso aperto Descrizione: Articolo principale Tipologia: Bozza finale post-referaggio (post-print) Licenza: Digital Rights Management non definito Dimensione 536.56 kB Formato Adobe PDF Visualizza/Apri	536.56 kB	Adobe PDF	Visualizza/Apri
frontmatter+a57.pdf Accesso chiuso Tipologia: Documento in Versione Editoriale Licenza: Copyright Editore Dimensione 1.17 MB Formato Adobe PDF Visualizza/Apri Richiedi una copia	1.17 MB	Adobe PDF	Visualizza/Apri Richiedi una copia

Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11368/2928986

Citazioni

ND

23

15

social impact