DeepMalOb: Deep Detection of Obfuscated Android Malware

  • Conference paper
Pan-African Artificial Intelligence and Smart Systems (PAAISS 2022)

Abstract

The detection of Android malware has become crucial as developers of malicious applications increasingly use obfuscation techniques. Several approaches proposed in the literature take certain techniques into account, but covering all obfuscation techniques is difficult because of mutations, and this is a critical challenge for cybersecurity. In this contribution, we propose an approach to detect obfuscated malicious applications. The approach is based on the memory dump process, which helps to discover the behaviour of obfuscated applications while they are executing, without targeting a particular obfuscation technique. We implemented our application using supervised neural networks. We tested and selected hyper-parameters to train our detection model. The results obtained on evaluation metrics such as accuracy, precision, recall and F1 score are excellent, with high values around 99%.


Acknowledgment

Our work was sponsored by the Partnership for Skills in Applied Science, Engineering and Technology - Regional Scholarship and Innovation Fund (PASET-RSIF).

Author information

Corresponding author

Correspondence to Zakaria Sawadogo.

Copyright information

© 2023 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Sawadogo, Z., Dembele, JM., Tahar, A., Mendy, G., Ouya, S. (2023). DeepMalOb: Deep Detection of Obfuscated Android Malware. In: Ngatched Nkouatchah, T.M., Woungang, I., Tapamo, JR., Viriri, S. (eds) Pan-African Artificial Intelligence and Smart Systems. PAAISS 2022. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 459. Springer, Cham. https://doi.org/10.1007/978-3-031-25271-6_19

  • DOI: https://doi.org/10.1007/978-3-031-25271-6_19

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-25270-9

  • Online ISBN: 978-3-031-25271-6

  • eBook Packages: Computer Science, Computer Science (R0)
