Authors: Alessandro Bacci (1); Alberto Bartoli (1); Fabio Martinelli (2); Eric Medvet (1); Francesco Mercaldo (2) and Corrado Aaron Visaggio (3)
Affiliations: (1) Università degli Studi di Trieste, Italy; (2) Consiglio Nazionale delle Ricerche, Italy; (3) Università degli Studi del Sannio, Italy
Keyword(s): Malware, Android, Machine Learning, Code Obfuscation, Security.
Abstract:
The huge diffusion of malware on mobile platforms is plaguing users. New malware proliferates at a very fast
pace: as a matter of fact, to evade the signature-based mechanism implemented in current antimalware, the
application of trivial obfuscation techniques to existing malware is sufficient. In this paper, we show how
the application of several morphing techniques affects the effectiveness of two widespread malware detection
approaches based on Machine Learning coupled respectively with static and dynamic analysis. We demonstrate
experimentally that dynamic analysis-based detection performs equally well in evaluating obfuscated
and non-obfuscated malware. On the other hand, static analysis-based detection is more accurate on non-obfuscated
samples but is greatly and negatively affected by obfuscation; however, we also show that this effect
can be mitigated by also using obfuscated samples in the learning phase.