Title: A Comparative Analysis of Properties that May be Used for Malware Detection
Abstract: Despite detection efforts, malware regularly makes its way onto online markets for mobile applications. There are a variety of known methods that malware developers use to disguise the intent of their applications from anti-malware software. These methods include features that can be discovered by examining the code, such as obfuscation. As such, one might try to discover malware by looking directly for these particular code features. Unfortunately, the features used by malware developers may also appear in benign applications for legitimate reasons. In order to determine if these features are effective for evasion of malware detection, we therefore need to perform a comparative analysis to see which features are more commonly associated with malware. In this manner, we try to determine if there are any specific code features that can be associated with malware that gets past existing filters. We focus in particular on the Google Play Store, and the Google Play Protect system. We consider eight different code features that could be used to reduce the effectiveness of Android malware analysis tools. By comparing malware samples and non-malware samples from the Google Play Store, we try to determine if any of these features is associated more closely with malware that has escaped detection. This is a description of work in progress, to demonstrate the utility of the approach.
Publication Year: 2018
Publication Date: 2018-11-01
Language: en
Type: article
Indexed In: ['crossref']