Evaluation and classification of obfuscated Android malware through deep learning using ensemble voting mechanism

Abstract With the rise in popularity and usage of Android operating systems, malicious applications are targeted by applying innovative ways and techniques. Today, malware becomes intelligent that uses several ways of obfuscation techniques to hide its functionality and evade anti-malware engines. F...

Full description

Bibliographic Details
Main Authors: Sana Aurangzeb, Muhammad Aleem
Format: Article
Language:English
Published: Nature Portfolio 2023-02-01
Series:Scientific Reports
Online Access:https://doi.org/10.1038/s41598-023-30028-w
Description
Summary:Abstract With the rise in popularity and usage of Android operating systems, malicious applications are targeted by applying innovative ways and techniques. Today, malware becomes intelligent that uses several ways of obfuscation techniques to hide its functionality and evade anti-malware engines. For mainstream smartphone users, Android malware poses a severe security danger. An obfuscation approach, however, can produce malware versions that can evade current detection strategies and dramatically lower the detection accuracy. Attempting to identify Android malware obfuscation variations, this paper proposes an approach to address the challenges and issues related to the classification and detection of malicious obfuscated variants. The employed detection and classification scheme uses both static and dynamic analysis using an ensemble voting mechanism. Moreover, this study demonstrates that a small subset of features performs consistently well when they are derived from the basic malware (non-obfuscated), however, after applying a novel feature-based obfuscation approach, the study shows a drastic change indicating the relative importance of these features in obfuscating benign and malware applications. For this purpose, we present a fast, scalable, and accurate mechanism for obfuscated Android malware detection based on the Deep learning algorithm using real and emulator-based platforms. The experiments show that the proposed model detects malware effectively and accurately along with the identification of features that are usually obfuscated by malware attackers.
ISSN:2045-2322