Author:
Khalid Saneeha,Hussain Faisal Bashir,Gohar Moneeb
Abstract
The widespread use of obfuscation techniques in malware creation is a challenging problem for detection systems. Obfuscation is also being applied in applications of an Android platform for changing the signature of known applications and hiding the semantics of suspicious new applications. Obfuscation significantly affects static analysis schemes as the structure of the application is not a true representative of its behavior or is totally incomprehensible in case of encryption. The design of obfuscation independent schemes for malware detection and categorization is a critical task in designing malware detection schemes. The focus of this study is to find and evaluate features that are representative of the application’s behavior as well as independent of most obfuscation techniques. It has been found that memory-based features extracted from kernel task structure contain much information about the working of the application and are not affected by obfuscation schemes as they model the run time behavior of the application. In this study, an application’s profile is generated from the kernel task structure of the process in memory. All extracted features of the kernel task structure are thoroughly analyzed for their significance in classification. The proposed system is then tested for different obfuscation schemes in order to determine the effectiveness against malicious obfuscated applications. The results reveal that the proposed solution is able to detect the obfuscated malicious applications accurately.
Subject
Electrical and Electronic Engineering,Computer Networks and Communications,Hardware and Architecture,Signal Processing,Control and Systems Engineering
Reference46 articles.
1. Advanced persistent threat organization identification based on software gene of malware;Chen;Trans. Emerg. Telecommun. Technol.,2020
2. Identifying Android malware using dynamically obtained features;Afonso;J. Comput. Virol. Hacking Tech.,2015
3. Permission-based Android malware analysis by using dimension reduction with PCA and LDA;Kural;J. Inf. Secur. Appl.,2021
4. AmandaSystem: A new framework for static and dynamic Android malware analysis;Tang;J. Intell. Fuzzy Syst.,2022
5. Keyes, D.S., Li, B., Kaur, G., Lashkari, A.H., Gagnon, F., and Massicotte, F. (2021, January 18–19). EntropLyzer: Android Malware Classification and Characterization Using Entropy Analysis of Dynamic Characteristics. Proceedings of the 2021 Reconciling Data Analytics, Automation, Privacy, and Security: A Big Data Challenge (RDAAPS), Hamilton, ON, Canada.