MaMaDroid2.0 – The Holes of Control Flow Graphs

by   Harel Berger, et al.

Android malware is a continuously expanding threat to billions of mobile users around the globe. Detection systems are updated constantly to address these threats. However, a backlash takes the form of evasion attacks, in which an adversary changes malicious samples such that those samples will be misclassified as benign. This paper fully inspects a well-known Android malware detection system, MaMaDroid, which analyzes the control flow graph of the application. Changes to the portion of benign samples in the train set and models are considered to see their effect on the classifier. The changes in the ratio between benign and malicious samples have a clear effect on each one of the models, resulting in a decrease of more than 40 Moreover, adopted ML models are implemented as well, including 5-NN, Decision Tree, and Adaboost. Exploration of the six models reveals a typical behavior in different cases, of tree-based models and distance-based models. Moreover, three novel attacks that manipulate the CFG and their detection rates are described for each one of the targeted models. The attacks decrease the detection rate of most of the models to 0 benign to malicious apps. As a result, a new version of MaMaDroid is engineered. This model fuses the CFG of the app and static analysis of features of the app. This improved model is proved to be robust against evasion attacks targeting both CFG-based models and static analysis models, achieving a detection rate of more than 90


page 1

page 2

page 3

page 4


When the Guard failed the Droid: A case study of Android malware

Android malware is a persistent threat to billions of users around the w...

Automatic Investigation Framework for Android Malware Cyber-Infrastructures

The popularity of Android system, not only in the handset devices but al...

Android Malware Detection based on Factorization Machine

With the increasing popularity of Android smart phones in recent years, ...

Do You Think You Can Hold Me? The Real Challenge of Problem-Space Evasion Attacks

Android malware is a spreading disease in the virtual world. Anti-virus ...

Android Malware Clustering using Community Detection on Android Packages Similarity Network

The daily amount of Android malicious applications (apps) targeting the ...

MaMaDroid: Detecting Android Malware by Building Markov Chains of Behavioral Models (Extended Version)

As Android becomes increasingly popular, so does malware targeting it, t...

Intriguing Properties of Adversarial ML Attacks in the Problem Space

Recent research efforts on adversarial ML have investigated problem-spac...

Please sign up or login with your details

Forgot password? Click here to reset