Abstract

Android packing techniques were originally used to pack and conceal important information in apps so that malicious developers could not deconstruct the software logic. However, because their use is unsupervised, packing techniques have in recent years become a common way for Android malware to harden apps and evade antivirus detection engines. Using obfuscation and encryption, packing engines can alter the code structure of malware and hide malicious code in order to deceive and bypass detection mechanisms such as signature matching. In this context, packers are the agents created by packing engines and used to protect the software. Packers therefore pose a major challenge to automated malware detection when researchers statically analyze a large collection of Android apps. It is necessary to identify packed samples in advance so that researchers can apply different processing procedures to them. To address this problem, we propose an intelligent AnDroid Packer Detection Framework called DroidPDF. It adopts a concise feature set that is resilient to obfuscation techniques. It also introduces weighted entropy to improve detection effectiveness, and achieves an average F1 Score of 0.9870.
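The abstract names entropy as a feature for telling packed samples from plain ones. As an added illustration (not code from the paper, and not its weighted-entropy definition, which the page does not reproduce), the following Python computes byte-level Shannon entropy over fixed windows of a blob and flags inputs whose windows are mostly near the 8-bit ceiling, which is what an encrypted or compressed payload embedded by a packer looks like. The two inputs are constructed here: a repetitive ASCII blob imitating a readable class/string table, and a seeded-PRNG blob imitating an encrypted payload. Thresholds (7.0 bits per window, half the windows) are assumptions chosen for the demo, not values from the paper.

```python
import math
import random
from collections import Counter
from typing import List, Tuple


def shannon_entropy(data: bytes) -> float:
    """Byte-level Shannon entropy in bits per byte, in the range 0.0 .. 8.0."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def windowed_entropy(data: bytes, window: int = 1024) -> List[Tuple[int, float]]:
    """Entropy of each consecutive window; returns (offset, entropy) pairs.
    A trailing partial window is included if it is non-empty."""
    out = []
    for off in range(0, len(data), window):
        chunk = data[off:off + window]
        if chunk:
            out.append((off, shannon_entropy(chunk)))
    return out


def high_entropy_ratio(data: bytes, threshold: float = 7.0, window: int = 1024) -> float:
    """Fraction of windows whose entropy reaches the threshold (assumed demo value)."""
    wins = windowed_entropy(data, window)
    if not wins:
        return 0.0
    return sum(1 for _, e in wins if e >= threshold) / len(wins)


def looks_packed(data: bytes, ratio_threshold: float = 0.5) -> bool:
    """Heuristic: treat the blob as packed when at least half its windows are high-entropy.
    This is a single illustrative feature, not a complete detector."""
    return high_entropy_ratio(data) >= ratio_threshold


# --- constructed sample inputs (not real app files) ---

def make_plain_blob(size: int = 8192) -> bytes:
    """Imitates readable class/string-table content: repeated ASCII identifiers."""
    names = [b"Lcom/example/app/MainActivity;", b"onCreate",
             b"Landroid/os/Bundle;", b"setContentView"]
    buf = bytearray()
    i = 0
    while len(buf) < size:
        buf += names[i % len(names)] + b"\x00"
        i += 1
    return bytes(buf[:size])


def make_random_blob(size: int = 8192, seed: int = 1234) -> bytes:
    """Imitates an encrypted/compressed payload: uniform random bytes from a seeded PRNG."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(size))


if __name__ == "__main__":
    for label, blob in (("plain", make_plain_blob()), ("random", make_random_blob())):
        print(f"{label:6s} entropy={shannon_entropy(blob):.3f} "
              f"high-window ratio={high_entropy_ratio(blob):.2f} "
              f"packed={looks_packed(blob)}")
```

Windowed rather than whole-file entropy matters in practice: a packed APK usually mixes a small readable stub with a large opaque payload, so a single file-wide figure can average the two away, whereas the per-window profile keeps the opaque region visible.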

Highlights

  • As the most popular mobile operating system, the current Android market share is as large as 76.2% [1]

  • The results show that DroidPDF has a favorable prospect for Android packer detection

  • Evaluation: we evaluate the performance of DroidPDF


Summary

INTRODUCTION

As the most popular mobile operating system, the current Android market share is as large as 76.2% [1].

C. Sun et al.: DroidPDF: The Obfuscation Resilient Packer Detection Framework for Android Apps

techniques pretend to be popular apps. The emergence of packed malware poses a serious challenge to anti-virus engines during static analysis of a large collection of samples [11]–[13]. In light of this background, we propose a lightweight solution named DroidPDF to detect packed samples. Even though packers adopt a series of obfuscation techniques, DroidPDF is still able to achieve an average F1 Score of 0.9870.

BACKGROUND
ARCHITECTURE
EVALUATION
MODEL SELECTION FOR DroidPDF
DISCUSSION
RELATED WORK
CONCLUSION
