Journal
PROCEEDINGS 2018 IEEE/ACM 40TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING (ICSE)
Volume -, Issue -, Pages 421-431
Publisher
IEEE
DOI: 10.1145/3180155.3180228
Funding
- National Science Foundation [CCF-1252644, CNS-1629771, CCF-1618132]
- Department of Homeland Security [HSHQDC-14-C-B0040]
- Air Force Office of Scientific Research [FA95501610030]
- U.S. Department of Defense (DOD) [FA95501610030] Funding Source: U.S. Department of Defense (DOD)
- Direct For Computer & Info Scie & Enginr [1629771] Funding Source: National Science Foundation
- Division Of Computer and Network Systems [1629771] Funding Source: National Science Foundation
The Android platform has been the dominant mobile platform in recent years, resulting in millions of apps and security threats against those apps. Anti-malware products aim to protect smartphone users from these threats, especially from malicious apps. However, malware authors use code obfuscation on their apps to evade detection by anti-malware products. To assess the effects of code obfuscation on Android apps and anti-malware products, we have conducted a large-scale empirical study that evaluates the effectiveness of the top anti-malware products against various obfuscation tools and strategies. To that end, we have obfuscated 3,000 benign apps and 3,000 malicious apps and generated 73,362 obfuscated apps using 29 obfuscation strategies from 7 open-source, academic, and commercial obfuscation tools. The findings of our study indicate that (1) code obfuscation significantly impacts Android anti-malware products; (2) the majority of anti-malware products are severely impacted by even trivial obfuscations; (3) in general, combined obfuscation strategies do not successfully evade anti-malware products more than individual strategies; (4) the detection of anti-malware products depends not only on the applied obfuscation strategy but also on the leveraged obfuscation tool; (5) anti-malware products are slow to adopt signatures of malicious apps; and (6) code obfuscation often results in changes to an app's semantic behaviors.