DaDiDroid: An Obfuscation Resilient Tool for Detecting Android Malware via Weighted Directed Call Graph Modelling

by   Muhammad Ikram, et al.

With the number of new mobile malware instances increasing by over 50% annually since 2012 [24], malware embedding in mobile apps is arguably one of the most serious security issues mobile platforms are exposed to. While obfuscation techniques are successfully used to protect the intellectual property of apps' developers, they are unfortunately also often used by cybercriminals to hide malicious content inside mobile apps and to deceive malware detection tools. As a consequence, most of mobile malware detection approaches fail in differentiating between benign and obfuscated malicious apps. We examine the graph features of mobile apps code by building weighted directed graphs of the API calls, and verify that malicious apps often share structural similarities that can be used to differentiate them from benign apps, even under a heavily "polluted" training set where a large majority of the apps are obfuscated. We present DaDiDroid an Android malware app detection tool that leverages features of the weighted directed graphs of API calls to detect the presence of malware code in (obfuscated) Android apps. We show that DaDiDroid significantly outperforms MaMaDroid [23], a recently proposed malware detection tool that has been proven very efficient in detecting malware in a clean non-obfuscated environment. We evaluate DaDiDroid's accuracy and robustness against several evasion techniques using various datasets for a total of 43,262 benign and 20,431 malware apps. We show that DaDiDroid correctly labels up to 96 accuracy with an exclusive use of a training set of obfuscated apps.


page 1

page 2

page 3

page 4


Android Malware Detection using Deep Learning on API Method Sequences

Android OS experiences a blazing popularity since the last few years. Th...

Android Malware Clustering using Community Detection on Android Packages Similarity Network

The daily amount of Android malicious applications (apps) targeting the ...

A Multi-view Context-aware Approach to Android Malware Detection and Malicious Code Localization

Existing Android malware detection approaches use a variety of features ...

When the Guard failed the Droid: A case study of Android malware

Android malware is a persistent threat to billions of users around the w...

AiDroid: When Heterogeneous Information Network Marries Deep Neural Network for Real-time Android Malware Detection

The explosive growth and increasing sophistication of Android malware ca...

On Impact of Semantically Similar Apps in Android Malware Datasets

Malware authors reuse the same program segments found in other applicati...

Characterizing Sensor Leaks in Android Apps

While extremely valuable to achieve advanced functions, mobile phone sen...

Please sign up or login with your details

Forgot password? Click here to reset