Smali opcode based Android Malware detection and Obfuscation Identification

Abstract The Android platform's open-source nature makes it a prime target for attackers seeking to exploit vulnerabilities. The practice of reverse engineering in Android applications further increases this vulnerability, creating a lucrative ground for exploitation and attack. Malware developers use various obfuscation techniques to protect applications from reverse engineering attempts. These same obfuscation techniques are utilized by malware creators to hide malicious code within the application's structure. Obfuscation introduces useless code and concealed features during feature extraction, making it difficult for conventional malware analysis methods to recognise the application and resulting in a high rate of false negatives. To address this, this paper introduces an innovative Smali opcode-based model, specifically designed to address the complexity of obfuscation techniques during both binary and familial classification. The core objective is to design a lightweight model capable of classifying malware and benign applications, alongside robust familial classification. Moreover, the model is also equipped to identify the specific obfuscation technique employed in a given malware application. We have meticulously implemented and rigorously evaluated the proposed model using two distinct datasets encompassing obfuscated and non-obfuscated samples. The experimental findings affirm the model's performance, surpassing existing state-of-the-art Android malware classifiers. Notably, the model achieves an impressive binary classification accuracy of 99.4\%.