RAX-ClaMal: Dynamic Android malware classification based on RAX register values

HIEN DO
15:17 06/01/2025

Detecting malware on Android remains a major challenge because malicious apps use sophisticated evasion techniques. This study presents RAX-ClaMal, a novel approach leveraging dynamic analysis of RAX (Register A Extended) register values for Android malware detection. By extracting and examining the RAX register in the data sections from Dalvik Executable (DEX) files, RAX-ClaMal monitors changes in RAX register values to identify malicious behavior. Employing the Jaccard similarity index for classification, the method achieved a precision of 95.38%, a false positive rate of 1.59%, and an average detection time of 9.54 s per sample on the CICMalDroid2020 dataset. These results underscore the potential of using register values as indicators of malicious activity within Android applications.
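
A minimal sketch of Jaccard-based classification over sets of observed RAX values, together with the precision and false positive rate metrics quoted above. It is an added illustration, not code from the RAX-ClaMal study: the reference profiles, the 0.5 threshold, the nearest-profile decision rule and every register value are constructed assumptions.

```python
# Added illustration: the study's feature extraction and decision rule are not
# given on this page; everything below is an assumed, simplified design.

def jaccard(a, b):
    """Jaccard index |A & B| / |A | B| over two collections of RAX values."""
    a, b = set(a), set(b)
    if not a and not b:
        return 0.0  # two empty traces give no evidence of similarity
    return len(a & b) / len(a | b)

def classify(trace, references, threshold=0.5):
    """Label a trace by its most similar reference profile.

    Returns (label, score, profile_name); label is "unknown" when no
    profile reaches the (assumed) similarity threshold.
    """
    best_score, best_name, best_label = 0.0, None, "unknown"
    for name, label, values in references:
        score = jaccard(trace, values)
        if score > best_score:
            best_score, best_name, best_label = score, name, label
    if best_score < threshold:
        return "unknown", best_score, best_name
    return best_label, best_score, best_name

def precision_and_fpr(pairs):
    """pairs: (true_label, predicted_label); "malware" is the positive class."""
    tp = sum(t == "malware" and p == "malware" for t, p in pairs)
    fp = sum(t != "malware" and p == "malware" for t, p in pairs)
    tn = sum(t != "malware" and p != "malware" for t, p in pairs)
    precision = tp / (tp + fp) if tp + fp else 0.0
    fpr = fp / (fp + tn) if fp + tn else 0.0
    return precision, fpr

# Constructed reference profiles and traces (not real measurements).
REFERENCES = [
    ("ref_malware_A", "malware", {0x0, 0x1, 0x7F, 0x1000, 0xDEADBEEF, 0xFFFFFFFFFFFFFFFF}),
    ("ref_benign_A", "benign", {0x0, 0x1, 0x2, 0x10, 0x20, 0x40}),
]
SUSPECT_TRACE = [0x0, 0x1, 0x7F, 0x1000, 0xDEADBEEF, 0x1000]  # repeats collapse in the set
CLEAN_TRACE = [0x0, 0x2, 0x10, 0x20, 0x99]
NOVEL_TRACE = [0x5555, 0x6666]  # overlaps no profile

if __name__ == "__main__":
    for trace in (SUSPECT_TRACE, CLEAN_TRACE, NOVEL_TRACE):
        print(classify(trace, REFERENCES))
```

Traces that overlap no profile are reported as "unknown" rather than forced into a class, and the metric helper counts such predictions as non-malware.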
