An Overview of Techniques for Obfuscated Android Malware Detection

Obfuscation is a method to hide coding strategies for security and privacy. Despite its positive use, malware experts have also used this technique to develop malware applications. A variety of malware has taken over the market in recent times. This sophisticated malware uses different obfuscation and mutation techniques to deceive the detectors. Obfuscation and mutation attacks are technique variations in which the attacker uses java-reflection techniques and encryption to manipulate the malicious applications and force the classifier to do misclassification. Despite its positive use, malware experts have also used this technique to misguide classifiers. The obfuscated malware is difficult to tackle due to the complexity of there structure and behavior. A fresh look is needed at the available datasets and features used especially for Android obfuscated malware analysis. We investigate and provide a concise account of obfuscated malware detection techniques. We evaluate the importance and effectiveness of obfuscation for Android malware analysis by investigating the techniques, datasets, and feature sets used in the literature. We report supervised learning as more popular for analysis. The paper provides details on the use of datasets such as Debian, genome, Adrozoo, and CIC as the most commonly used in literature. We also investigate certain features, mostly static, considered for analysis and highlight the use of unconventional techniques, such as unsupervised learning and graph theory.