AndrODet: An Adaptive Android Obfuscation Detector
Type Name Latest commit message Commit time
MOA
androguard-master Androguard Sep 7, 2018
applications
dexdump
feature_extraction Feature extraction modules Sep 7, 2018
output_dir Directory of outputs Sep 7, 2018
.gitattributes
.gitignore
AndrODet_MOA.py
LICENSE.txt AndrODet License Sep 7, 2018
README.md README.md Oct 10, 2018


AndrODet: An Adaptive Android Obfuscation Detector

VERSION:

Version (by release date): 2018-07-26

DEVELOPER INFORMATION:

Name: Omid Mirzaei
Laboratory: Computer Security Lab (COSEC)
University: Universidad Carlos III de Madrid
Website: https://cosec.inf.uc3m.es/~omid-mirzaei/androdet.html

PUBLICATION:

AndrODet: An Adaptive Android Obfuscation Detector
O. Mirzaei, J. M. de Fuentes, J. E. Tapiador, L. Gonzalez-Manzano
Future Generation Computer Systems, Elsevier (January 2019)

INSTALLATION INSTRUCTIONS:

Before using AndrODet, you only need Python 2.7.11 installed on your system. You might also need to install some Python modules that our scripts use and that are not commonly included in the regular Python installation.

USAGE:

AndrODet has one main module, which is used for feature extraction, testing and incremental training. To run AndrODet, you first need to build your dataset of obfuscated apps. For this purpose, your apps directory needs three sub-directories, IR, SE and CF, which contain apps that are either obfuscated ('YES') or not ('NO') by one of the following techniques:

  1. Identifier renaming
  2. String encryption
  3. Control flow obfuscation

Next, run the following command in a terminal to start AndrODet:

python AndrODet_MOA.py -a '/Directory/of/apps' -d '/Directory/of/dexdump' -g '/Directory/of/androguard' -o '/Directory/of/output'

Once the above command is executed, the system extracts features from the applications, then tests and trains on them on the fly. At the end, a confusion matrix is shown to the user.
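To illustrate the test-then-train evaluation described above, here is an added example (not AndrODet's own code): each sample is classified before the learner sees its label, so the final confusion matrix also counts the mistakes made while the model was still untrained. The perceptron learner, the two feature names and all sample values are assumptions constructed for illustration.

```python
# Added illustration of test-then-train (prequential) evaluation.
# The learner, features and samples are constructed assumptions,
# not AndrODet's feature set, classifier or output.

class OnlinePerceptron(object):
    """Minimal incremental linear classifier (hypothetical stand-in learner)."""

    def __init__(self, n_features, lr=1.0):
        self.w = [0.0] * n_features
        self.b = 0.0
        self.lr = lr

    def predict(self, x):
        score = self.b + sum(wi * xi for wi, xi in zip(self.w, x))
        return "YES" if score > 0 else "NO"

    def learn(self, x, label):
        # Mistake-driven update: weights change only when the prediction is wrong.
        if self.predict(x) != label:
            target = 1.0 if label == "YES" else -1.0
            self.w = [wi + self.lr * target * xi for wi, xi in zip(self.w, x)]
            self.b += self.lr * target


def prequential(stream, model):
    """Test on each sample first, then train on it.

    Returns a confusion matrix keyed by (actual, predicted)."""
    cm = {(a, p): 0 for a in ("YES", "NO") for p in ("YES", "NO")}
    for x, label in stream:
        cm[(label, model.predict(x))] += 1   # test before the label is used
        model.learn(x, label)                # then train on the same sample
    return cm


# Constructed stream for one technique (e.g. the IR sub-directory).
# Hypothetical features: [ratio of very short identifiers, mean identifier length / 10]
STREAM = [
    ([0.9, 0.2], "YES"), ([0.1, 0.8], "NO"),
    ([0.8, 0.3], "YES"), ([0.2, 0.9], "NO"),
    ([0.7, 0.2], "YES"), ([0.1, 0.7], "NO"),
]

if __name__ == "__main__":
    matrix = prequential(STREAM, OnlinePerceptron(n_features=2))
    for actual in ("YES", "NO"):
        print(actual, [matrix[(actual, p)] for p in ("YES", "NO")])
```

The first two samples are misclassified because the model starts empty; a matrix produced this way therefore understates the accuracy of the fully trained model on short streams.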

Note: The dexdump disassembler uploaded to this repository is built for the Mac operating system. Depending on your operating system, you may need to download the relevant variant of this tool and replace the current one with it.

COPYRIGHT NOTICE:

All rights are reserved by the above authors and research center. Please see the "License.txt" file for more detailed information regarding the usage and distribution of this source code.

ACKNOWLEDGEMENT:

This work has been partially supported by MINECO grant TIN2016-79095-C2-2-R (SMOG-DEV) and CAM grant S2013/ICE-3095 (CIBERDINE), co-funded with European FEDER funds. Furthermore, it has been partially supported by the UC3M’s grant Programa de Ayudas para la Movilidad. The authors would like to thank the Allatori technical team for its valuable assistance, and also the authors of the AMD and PraGuard datasets, who made their repositories available to us.
