Black box analysis of android malware detectors

Authors

Guruswamy Nellaivadivelu, San Jose State University
Fabio Di Troia, San Jose State UniversityFollow
Mark Stamp, San Jose State UniversityFollow

Document Type

Article

Publication Date

3-5-2020

Publication Title

Array

Volume

6

Abstract

If a malware detector relies heavily on a feature that is obfuscated in a given malware sample, then the detector will likely fail to correctly classify the malware. In this research, we obfuscate selected features of known Android malware samples and determine whether these obfuscated samples can still be reliably detected. Using this approach, we discover which features are most significant for various sets of Android malware detectors, in effect, performing a black box analysis of these detectors. We find that there is a surprisingly high degree of variability among the key features used by popular malware detectors.

Comments

This article can also be read online here.

Recommended Citation

Guruswamy Nellaivadivelu, Fabio Di Troia, and Mark Stamp. "Black box analysis of android malware detectors" Array (2020). https://doi.org/10.1016/j.array.2020.100022

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 License.