AndroShow: A Large Scale Investigation to Identify the Pattern of Obfuscated Android Malware

Abstract

This paper represents a static analysis based research of android’s feature in obfuscated android malware. Android smartphone’s security and privacy of personal information remain threatened because of android based device popularity. It has become a challenging and diverse area to research in information security. Though malware researchers can detect already identified malware, they can not detect many obfuscated malware. Because, malware attackers use different obfuscation techniques, as a result many anti malware engines can not detect obfuscated malware applications. Therefore, it is necessary to identify the obfuscated malware pattern made by attackers. A large-scale investigation has been performed in this paper by developing python scripts, named it AndroShow, to extract pattern of permission, app component, filtered intent, API call and system call from an obfuscated malware dataset named Android PRAGuard Dataset. Finally, the patterns in a matrix form have been found and stored in a Comma Separated Values (CSV) file which will be the base of detecting the obfuscated malware in future.