Litcius/Paper detail

Impact of Code Deobfuscation and Feature Interaction in Android Malware Detection

Yun-Chung Chen, Hong-Yen Chen, Takeshi Takahashi, Bo Sun, Tsung-Nan Lin

2021IEEE Access19 citationsDOIOpen Access PDF

Abstract

With more than three million applications already in the Android marketplace, various malware detection systems based on machine learning have been proposed to prevent attacks from cybercriminals. Most of these systems use static analyses to extract application features. However, many features generated by static analyses are easily thwarted by obfuscation techniques. Several researchers are addressing the obfuscation problem with obfuscation-invariant features. However, to our knowledge, no researcher has utilized deobfuscation techniques. Thus, we use a code deobfuscation technique with an Android malware detection system and investigate its effects. Experimental results show that code deobfuscation can successfully retrieve useful information concealed by obfuscation. In addition, we propose interaction terms based on identified feature interactions. Since many feature values are correlated to the size of the application, the proposed interaction terms aim to eliminate the interference caused by the size of the application and other features. Experimental results also show that these interaction terms have a high ranking in terms of feature importance. Our proposed Android malware detection model achieves 99.55% accuracy and a 94.61% F1-score with the well-known Drebin dataset, surpassing the performance of previous work.

Topics & Concepts

Computer scienceMalwareObfuscationAndroid (operating system)Static analysisAndroid malwareMachine learningArtificial intelligenceData miningComputer securityOperating systemProgramming languageAdvanced Malware Detection TechniquesSoftware Testing and Debugging TechniquesDigital and Cyber Forensics
Impact of Code Deobfuscation and Feature Interaction in Android Malware Detection | Litcius