Mobile malware detection systems are often vulnerable to evasion attacks, in which a malware developer manipulates a malware sample such that it is misclassified as benign. These samples are manipulated to hide some characteristics or adopt the properties of a different class by applying small but intentionally crafted perturbations. In this paper, we propose a novel mobile malware detection system, based on metamorphic testing principles, that can detect benign-looking evasive malware apps. The key idea is to expose the malicious nature of the apps by unraveling the evasive techniques employed by malware. We observed that evasive malware exhibit characteristics of benign apps, and by eliminating these features, the classifier can correctly detect the malware without compromising significantly on benign app detection. The training pipeline of our proposed system is much simpler than existing malware detection methods, as the network is trained end-to-end to jointly learn appropriate features and to perform classification. We train our model on 3.2 million apps collected from the AndroZoo dataset. We perform an extensive study on publicly available datasets and malware samples collected from the wild to show the effectiveness of the proposed technique. In particular, we show that our algorithm is capable of detecting repackaged malware with more than 94% accuracy.
Conference DayWed 2 JunDisplayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change
16:10 - 17:30
|Metamorphic Detection of Repackaged Malware|
|Metamorphic Testing on the Continuum of Verification and Validation of Simulation Models|
|Metamorphic Testing for Image-based Calcium Imaging Analysis Pipelines|