The detection mechanism provided by current antimalware is signature-based, which requires a threat to be widespread before the antimalware can recognise it. Even when a malware sample is correctly recognised, applying even trivial obfuscation techniques makes it easy to bypass the antimalware detection mechanism. In this paper we propose a method to detect whether an Android application is obfuscated with the call indirection obfuscation technique by exploiting formal equivalence checking. In the experimental analysis we show the effectiveness of the proposed approach for detecting call indirection obfuscation, using two obfuscation tools.
Primary Research Area: Trustworthy Information Processing
Journal: Procedia Computer Science
Volume: 192
Page Range: 1659-1669
Publisher: Elsevier
Open Access Type: Gold
Sub Type: Article
BibTeX
@article{Marinaro:Martinelli:Mercaldo:Santone:2021,
title = "Detecting Call Indirection Obfuscation through Equivalence Checking in Android environment",
author = "Marinaro, Tiziano and Martinelli, Fabio and Mercaldo, Francesco and Santone, Antonella",
year = 2021,
month = 1,
journal = "Procedia Computer Science",
pages = "1659--1669",
publisher = "Elsevier",
issn = "1877-0509",
doi = "10.1016/j.procs.2021.08.170"
}