Abstract
Android malware detection has become crucial now that developers of malicious applications rely on obfuscation techniques. Several approaches in the literature address particular techniques, but covering all obfuscation techniques is difficult because they keep mutating, and this is a critical challenge for cybersecurity. In this contribution, we propose an approach to detect obfuscated malicious applications. The approach is based on memory dumps, which reveal the behaviour of obfuscated applications while they are executing, without targeting a particular obfuscation technique. We implemented our approach using supervised neural networks, and we tested and selected hyper-parameters to train our detection model. The results obtained for the evaluation metrics accuracy, precision, recall and F1 score are excellent, with high values around 99%.
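As an added illustration of the pipeline the abstract describes (memory-dump-derived features, a supervised neural classifier, and accuracy/precision/recall/F1 evaluation), here is a self-contained Python example. It is not the paper's code or dataset: the feature names are hypothetical stand-ins for statistics a memory-dump analyser might produce for a running app, the feature values are constructed, and a single logistic neuron stands in for the paper's multilayer network so that it runs on the standard library alone.

```python
"""Toy memory-dump-based malware classifier with evaluation metrics.

Added example, not code from the DeepMalOb paper. Feature names are
hypothetical and the values are constructed, not real measurements.
"""
import math

# Hypothetical feature names (assumption: not the paper's feature set).
# Each is imagined as a count extracted from a memory dump of a running app.
FEATURES = ("injected_regions", "unusual_handles", "loaded_libs")


def constructed_dataset():
    """Return (train, test) lists of (feature_vector, label) rows.

    Features are already scaled to [0, 1]; label 1 = malware, 0 = benign.
    Values are synthetic and chosen so the two classes are well separated.
    Even-numbered samples go to training, odd-numbered ones to testing.
    """
    train, test = [], []
    for i in range(20):
        benign = ((0.05 + 0.01 * i, 0.015 * i, 0.10 + 0.01 * i), 0)
        malware = ((0.60 + 0.015 * i, 0.55 + 0.02 * i, 0.50 + 0.02 * i), 1)
        bucket = train if i % 2 == 0 else test
        bucket.append(benign)
        bucket.append(malware)
    return train, test


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


class LogisticNeuron:
    """One sigmoid neuron trained by gradient descent on log-loss.

    This is the simplest supervised neural network; the paper uses a deeper
    multilayer model, which this stands in for to keep the example short.
    """

    def __init__(self, n_features):
        self.w = [0.0] * n_features
        self.b = 0.0

    def predict_proba(self, x):
        return sigmoid(sum(wi * xi for wi, xi in zip(self.w, x)) + self.b)

    def predict(self, x, threshold=0.5):
        return 1 if self.predict_proba(x) >= threshold else 0

    def fit(self, rows, learning_rate=0.5, epochs=2000):
        # learning_rate and epochs are the hyper-parameters a practitioner
        # would tune on a validation split before reporting test metrics.
        n = len(rows)
        for _ in range(epochs):
            grad_w = [0.0] * len(self.w)
            grad_b = 0.0
            for x, y in rows:
                err = self.predict_proba(x) - y  # d(log-loss)/dz
                for j, xj in enumerate(x):
                    grad_w[j] += err * xj
                grad_b += err
            self.w = [wj - learning_rate * g / n for wj, g in zip(self.w, grad_w)]
            self.b -= learning_rate * grad_b / n
        return self


def evaluate(y_true, y_pred):
    """Accuracy, precision, recall and F1 for binary labels (1 = malware).

    Zero-division cases (no positive predictions, no positives) yield 0.0.
    """
    pairs = list(zip(y_true, y_pred))
    tp = sum(1 for t, p in pairs if t == 1 and p == 1)
    tn = sum(1 for t, p in pairs if t == 0 and p == 0)
    fp = sum(1 for t, p in pairs if t == 0 and p == 1)
    fn = sum(1 for t, p in pairs if t == 1 and p == 0)
    total = len(pairs)
    accuracy = (tp + tn) / total if total else 0.0
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = (2 * precision * recall / (precision + recall)
          if precision + recall else 0.0)
    return {"accuracy": accuracy, "precision": precision,
            "recall": recall, "f1": f1}


def train_and_evaluate(learning_rate=0.5, epochs=2000):
    """Train on the constructed split and return metrics on the held-out part."""
    train, test = constructed_dataset()
    model = LogisticNeuron(len(FEATURES)).fit(train, learning_rate, epochs)
    y_true = [y for _, y in test]
    y_pred = [model.predict(x) for x, _ in test]
    return evaluate(y_true, y_pred)


if __name__ == "__main__":
    for name, value in train_and_evaluate().items():
        print(f"{name}: {value:.3f}")
```

Because the constructed classes are far apart, the held-out metrics come out at 1.0; on real memory-dump features the interesting part is the gap between precision and recall, which the `evaluate` function reports separately so that a model that simply labels everything benign is not mistaken for an accurate one.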
Acknowledgment
Our work was sponsored by the Partnership for Skills in Applied Science, Engineering and Technology - Regional Scholarship and Innovation Fund (PASET-RSIF).
© 2023 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
Cite this paper
Sawadogo, Z., Dembele, JM., Tahar, A., Mendy, G., Ouya, S. (2023). DeepMalOb: Deep Detection of Obfuscated Android Malware. In: Ngatched Nkouatchah, T.M., Woungang, I., Tapamo, JR., Viriri, S. (eds) Pan-African Artificial Intelligence and Smart Systems. PAAISS 2022. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 459. Springer, Cham. https://doi.org/10.1007/978-3-031-25271-6_19
DOI: https://doi.org/10.1007/978-3-031-25271-6_19
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-25270-9
Online ISBN: 978-3-031-25271-6