Towards Behavior-Based Analysis of Android Obfuscated Malware

Towards Behavior-Based Analysis of Android Obfuscated Malware

연구 분야: Safety

학회: European Conference on Software Architecture

In this paper, we report on the initial results of an ongoing project that aims to rigorously detect obfuscated Android malware. In fact, the detection of Android malware has become increasingly complex as malicious app developers employ various obfuscation techniques. Previous approaches have focused on addressing specific obfuscation methods, but the dynamic nature of these techniques presents challenges in accounting for all possible variations. In response to this challenge, we have developed an innovative behavioral methodology for analyzing obfuscated malware. Our approach combines model-based and AI-based techniques, making it the first effort to integrate these approaches for obfuscated malware detection. Given that deobfuscation is a computationally very challenging (i.e., NP-hard) problem, our methodology circumvents obfuscation by indirectly observing malware behavior through the runtime behavior of target services controlled and operated by the Android applications.