Evaluation of Android Anti-malware Techniques against Dalvik Bytecode Obfuscation

Popularity and growth of Android mobile devices has paved the way for exploiting popular apps using various Dalvik byte code transformation methods. Testing the antimalware techniques against obfuscation identifies the need of proposing effective detection methods. In this paper, we explore the resilience of anti-malware techniques against transformations for Android. The Proposed approach employs variable compression, native code wrapping and register renaming, in addition to already implemented transformations on Dalvik byte code. Evaluation results indicate low resilience of the antimalware detection engines against code obfuscation. Furthermore, we evaluate resilience of Androguard's code similarity and AndroSimilar's robust statistical feature signature against code obfuscated malware.