Evaluating Android Malware Detection System Against Obfuscation and Stealth Techniques


  • Shikha Badhani
  • Sunil K. Muttoo


Obfuscation Resilience, Android Malware Detection, API Tags, Permissions, Static Analysis


Malicious apps targeting the Android OS have grown significantly as a result of its popularity. To stay ahead of malware creators, malware detection systems need to be evaluated against detection evading techniques. Malware authors now frequently use obfuscation and other stealth techniques, to construct malicious applications that can avoid being detected by malware detection systems. When confronted with the same malware samples that have been obfuscated, a highly successful detection system for identifying unobfuscated malware samples might lose its efficiency. Thus, it becomes important to analyze the malware detection systems against obfuscation and other stealth techniques. In this paper, we evaluate CENDroid – an Android malware detection system that uses static analysis and combines clustering and ensemble methods to develop a classifier, against various techniques of evading malware at feature-level as well as classifier-level. Experimental results show that the features used in CENDroid - API tags and permissions, displayed strong robustness against code obfuscation and app hiding techniques. A comparison of obfuscation resilience of API tags and permissions features with code graphs and Androguard is also presented. At the classifier-level, CENDroid could detect all the malware in four test sets created by using obfuscation and app hiding techniques. Thus, CENDroid, being syntax-based, is immune to semantic-level changes that preserve the syntax of the app. This study can also be used as a framework to evaluate any Android malware detection system against obfuscation and stealth techniques, gaining insights into its strengths and weaknesses and informing potential improvements to enhance its effectiveness.

Author Biographies

Shikha Badhani

Shikha Badhani is an Assistant Professor in Dept. of Computer Science, Maitreyi College, University of Delhi since 2010. She obtained her Masters’ Degree in Computer Applications (MCA) from University of Delhi, India, in 2008. She received B.Sc (H) in Electronics degree from Hansraj College, University of Delhi, India, in 2005. She is a University Gold Medalist in MCA as well as in B.SC(H) Electronics. She is completed her Ph.D from Dept. of Computer Science, University of Delhi in the year 2020. Her research interests include Malware Analysis, Machine Learning and Android Security.

Sunil K. Muttoo

Sunil K. Muttoo is a Retired Professor at the Department of Computer Science, Faculty of Mathematical Sciences, University of Delhi, India. He received his PhD in Coding Theory and M.Phil. in Mathematics from the University of Delhi and M.Tech. in Computer Science and Data Processing from IIT, Kharagpur. His areas of interest include Information Hiding, Coding Theory and E-Governance. He has over 100 publications at national and international forums.