Towards Behavior-Based Analysis of Android Obfuscated Malware

In this paper, we report on the initial results of an ongoing project that aims to rigorously detect obfuscated Android malware. In fact, the detection of Android malware has become increasingly complex as malicious app developers employ various obfuscation techniques. Previous approaches have focused on addressing specific obfuscation methods, but the dynamic nature of these techniques presents challenges in accounting for all possible variations. In response to this challenge, we have developed an innovative behavioral methodology for analyzing obfuscated malware. Our approach combines model-based and AI-based techniques, making it the first effort to integrate these approaches for obfuscated malware detection. Given that deobfuscation is a computationally very challenging (i.e., NP-hard) problem, our methodology circumvents obfuscation by indirectly observing malware behavior through the runtime behavior of target services controlled and operated by the Android applications.