Perceptive computing for android threats: unveiling Jekyll and Hyde syndrome in scareware
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | en |
| Published: | IIUM Press 2025 |
| Subjects: | |
| Online Access: | http://irep.iium.edu.my/120596/7/120596_Perceptive%20computing%20for%20android%20threats.pdf http://irep.iium.edu.my/120596/ https://journals.iium.edu.my/kict/index.php/IJPCC/article/view/531 |
| Summary: | This paper spotlights Android scareware, relating its deceptive behavior to the dual personality syndrome of Jekyll and Hyde, as described in The Strange Case of Dr. Jekyll and Mr. Hyde. Modern scareware employs sophisticated evasion techniques, including metamorphic and polymorphic obfuscation, enabling it to alter its code structure during propagation. Additionally, anti-emulator techniques allow scareware to detect emulation environments and conceal malicious activities. To address these challenges, we propose a hybrid approach that combines static and dynamic analysis, leveraging features derived from unreferenced strings and network flow. This method enhances detection by uncovering scareware's dual behaviors. Using five classifiers, we construct models to address three detection scenarios: identifying malicious Android apps, categorizing apps by scareware type, and classifying apps into scareware families. Tested on a dataset of 1,350 samples, the proposed method outperforms existing approaches, achieving over 90% accuracy across all scenarios with an average false positive rate of just 0.04 |
