A Deep Camouflage: Evaluating Android's Anti-malware Systems Robustness Against Hybridization of Obfuscation Techniques with Injection Attacks

Abstract

The threats facing smartphones have become one of the most dangerous cyberspace threats; therefore, many solutions have been developed in the commercial or academic domain to address these threats. This paper aims to test the defence robustness of some well-known commercial anti-malware systems against camouflage techniques. To this end, multiple attacks have been proposed and applied to create multiple camouflaged malware datasets based on well-known malware datasets. First of all, we proposed two injection attacks, namely benign permissions injection attack and benign permissions-code injection attack; these attacks have been used with one more attack called app re-signing attack. To the best of our knowledge, these injection attacks have been used for the first time in the Android OS domain. Furthermore, the proposed attacks have been hybridized with some commonly used obfuscation techniques, namely string encryption, class encryption, and reflection, to obtain a high degree of camouflage and avoiding anti-malware systems' detection. To our knowledge, this is the first time that the obfuscation techniques are hybridized with other attacks. The obtained results showed that the detection accuracy of most tested anti-malware systems dropped to about 10% or less. Moreover, the average number of engines which was able to detect malware samples decreased from 45 engines when the original dataset has been tested to about 12 engines when the camouflaged datasets have been tested.