The rise of obfuscated Android malware and impacts on detection methods

Elsersy, Wael F.; Feizollah, Ali; Anuar, Nor Badrul

doi:10.7717/peerj-cs.907

Cited by 25 publications

(17 citation statements)

References 181 publications

(334 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…[138,139,140]). However, they did not succeed, as proved in this survey and also in other surveys (e.g., [31]…”

Section: Datasetsmentioning

confidence: 42%

“…Various surveys were conducted on problem-space evasion attacks, e.g. [22,23,24,25,26,27,28,29,30,31,32,33,34]. However, some of these surveys are general and therefore do not focus on a specific domain of evasion attacks [23,27,28,30,32,33].…”

Section: Introductionmentioning

confidence: 99%

“…Other surveys analyze domains other than Android OS, such as adversarial network examples, Windows PEs, Natural Language Processing, and images [22,24,25,26,29]. Several surveys focused on evasion attacks on the Android OS domain, for example [35,31,34]. While Bhusal and Rastogi [35] presented work on the nature of feature-space and problem-space attacks, they only explored one problem-space evasion attack.…”

Section: Introductionmentioning

confidence: 99%

“…While Bhusal and Rastogi [35] presented work on the nature of feature-space and problem-space attacks, they only explored one problem-space evasion attack. Also, [31,34] surveys suggest a different taxonomy, which focuses on the evasion techniques, while our survey analyzes different aspects that have increased in recent years; For example, the importance of functional evaluation [2] and the orientation of different problem-space attacks. Second, exploring problem-space attacks is vital to test the realistic assumptions of feature-space evasion attacks.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Problem-Space Evasion Attacks in the Android OS: a Survey

Berger¹,

Hajaj²,

Dvir³

2022

Preprint

View full text Add to dashboard Cite

Android is the most popular OS worldwide. Therefore, it is a target for various kinds of malware. As a countermeasure, the security community works day and night to develop appropriate Android malware detection systems, with MLbased or DL-based systems considered as some of the most common types.Against these detection systems, intelligent adversaries develop a wide set of evasion attacks, in which an attacker slightly modifies a malware sample to evade its target detection system. In this survey, we address problem-space evasion attacks in the Android OS, where attackers manipulate actual APKs, rather than their extracted feature vector. We aim to explore these kind of attacks, frequently overlooked by the research community due to a lack of knowledge of the Android domain, or due to focusing on general mathematical evasion attacks -i.e., feature-space evasion attacks. We discuss the different aspects of problemspace evasion attacks, using a new taxonomy, which focuses on key ingredients of each problem-space attack, such as the attacker model, the attacker's mode of operation, and the functionality assessment of post-attack applications.

show abstract

“…[138,139,140]). However, they did not succeed, as proved in this survey and also in other surveys (e.g., [31]…”

Section: Datasetsmentioning

confidence: 42%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Problem-Space Evasion Attacks in the Android OS: a Survey

Berger¹,

Hajaj²,

Dvir³

2022

Preprint

View full text Add to dashboard Cite

show abstract

“…Malware authors are always looking for new tricks and mechanisms to bypass Android security. The malware authors adopt different obfuscation and transformation techniques to bypass the anti-malware detection ( Elsersy, Feizollah & Anuar, 2022 ). The main motivation of this work is to evaluate the anti-malware tools against the malware that uses code-obfuscations.…”

Section: Introductionmentioning

confidence: 99%

On the evaluation of android malware detectors against code-obfuscation techniques

Nawaz

Aleem

Lin

2022

PeerJ Computer Science

View full text Add to dashboard Cite

The Android mobile platform is the most popular and dominates the cell phone market. With the increasing use of Android, malware developers have become active in circumventing security measures by using various obfuscation techniques. The obfuscation techniques are used to hide the malicious code in the Android applications to evade detection by anti-malware tools. Some attackers use the obfuscation techniques in isolation, while some attackers use a mixed approach (i.e., employing multiple obfuscation techniques simultaneously). Therefore, it is crucial to analyze the impact of the different obfuscation techniques, both when they are used in isolation and when they are combined as hybrid techniques. Several studies have suggested that the obfuscation techniques may be more effective when used in a mixed pattern. However, in most of the related works, the obfuscation techniques used for analysis are either based on individual or a combination of primitive obfuscation techniques. In this work, we provide a comprehensive evaluation of anti-malware tools to gauge the impact of complex hybrid code-obfuscations techniques on malware detection capabilities of the prominent anti-malware tools. The evaluation results show that the inter-category-wise hybridized code obfuscation results in more evasion as compared to the individual or simple hybridized code obfuscations (using multiple and similar code obfuscations) which most of the existing related work employed for the evaluation. Obfuscation techniques significantly impact the detection rate of any anti-malware tool. The remarkable result i.e., almost 100% best detection rate is observed for the seven out of 10 tools when analyzed using the individual obfuscation techniques, four out of 10 tools on category-wise obfuscation, and not a single anti-malware tool attained full detection (i.e., 100%) for inter-category obfuscations.

show abstract