An Empirical Study of Code Deobfuscations on Detecting Obfuscated Android Piggybacked Apps

Zhang, Y; Xiao, G; Zheng, Z; Zhu, T; Tsang, IW; Sui, Y

An Empirical Study of Code Deobfuscations on Detecting Obfuscated Android Piggybacked Apps

Zhang, Y Xiao, G Zheng, Z Zhu, T Tsang, IW Sui, Y

Permalink

Publisher:: IEEE
Publication Type:: Conference Proceeding
Citation:: 2020 27th Asia-Pacific Software Engineering Conference (APSEC), 2021, 2020-December, pp. 41-50
Issue Date:: 2021-03-01

Closed Access

	Filename	Description	Size
	09359260.pdf	Published Version	518.04 kB		View/Open

Copyright Clearance Process

Recently Added
In Progress
Closed Access

This item is closed access and not available.

Full metadata record

Field	Value	Language
dc.contributor.author	Zhang, Y
dc.contributor.author	Xiao, G
dc.contributor.author	Zheng, Z
dc.contributor.author	Zhu, T
dc.contributor.author	Tsang, IW
dc.contributor.author	Sui, Y https://orcid.org/0000-0002-9510-6574
dc.date	2020-12-01
dc.date.accessioned	2021-04-23T07:17:02Z
dc.date.available	2021-04-23T07:17:02Z
dc.date.issued	2021-03-01
dc.identifier.citation	2020 27th Asia-Pacific Software Engineering Conference (APSEC), 2021, 2020-December, pp. 41-50
dc.identifier.isbn	9781728195537
dc.identifier.issn	1530-1362
dc.identifier.uri	http://hdl.handle.net/10453/148322
dc.description.abstract	Android piggybacked malware (i.e., apps that piggyback malicious code) are becoming ubiquitous in app stores. Malware writers often use obfuscation techniques to obfuscate piggybacked apps to evade detection by Android malware detectors. Previous studies in this field have focused on the impact of code obfuscations on the detection of piggybacked malware, but the impact of code deobfuscation on detecting obfuscated piggybacked apps has rarely been studied. Knowing about the impact of code deobfuscation can provide useful insights into obfuscated piggybacked apps and therefore the design of resilient Android malware detectors. In this paper we conduct an empirical study of code deobfuscations on detecting obfuscated Android piggybacked apps, focusing on three types of malware detectors: commercial anti-malware products, machine learning-based detectors, and similarity-based detectors. We observe that code deobfuscations can impact differently depending on the malware detectors. For example, some deobfuscation strategies can improve the precision of detecting obfuscated piggybacked apps. Also we observe that the examined deobfuscation tools (Simplify and Deguard) have a different impact on obfuscated piggybacked apps after deobfuscations.
dc.language	en
dc.publisher	IEEE
dc.relation	http://purl.org/au-research/grants/arc/DP200101328
dc.relation.ispartof	2020 27th Asia-Pacific Software Engineering Conference (APSEC)
dc.relation.ispartof	2020 27th Asia-Pacific Software Engineering Conference
dc.relation.isbasedon	10.1109/apsec51365.2020.00012
dc.rights	info:eu-repo/semantics/closedAccess
dc.title	An Empirical Study of Code Deobfuscations on Detecting Obfuscated Android Piggybacked Apps
dc.type	Conference Proceeding
utslib.citation.volume	2020-December
utslib.location.activity	Singapore, Singapore
pubs.organisational-group	/University of Technology Sydney
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology
pubs.organisational-group	/University of Technology Sydney/Strength - AAII - Australian Artificial Intelligence Institute
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology/School of Computer Science
utslib.copyright.status	closed_access	*
dc.date.updated	2021-04-23T07:17:01Z
pubs.finish-date	2020-12-04
pubs.publication-status	Published
pubs.start-date	2020-12-01
pubs.volume	2020-December

Abstract:

Android piggybacked malware (i.e., apps that piggyback malicious code) are becoming ubiquitous in app stores. Malware writers often use obfuscation techniques to obfuscate piggybacked apps to evade detection by Android malware detectors. Previous studies in this field have focused on the impact of code obfuscations on the detection of piggybacked malware, but the impact of code deobfuscation on detecting obfuscated piggybacked apps has rarely been studied. Knowing about the impact of code deobfuscation can provide useful insights into obfuscated piggybacked apps and therefore the design of resilient Android malware detectors. In this paper we conduct an empirical study of code deobfuscations on detecting obfuscated Android piggybacked apps, focusing on three types of malware detectors: commercial anti-malware products, machine learning-based detectors, and similarity-based detectors. We observe that code deobfuscations can impact differently depending on the malware detectors. For example, some deobfuscation strategies can improve the precision of detecting obfuscated piggybacked apps. Also we observe that the examined deobfuscation tools (Simplify and Deguard) have a different impact on obfuscated piggybacked apps after deobfuscations.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/148322