An Exploratory Study on the Evolution of Android Malware Quality

In the context of software engineering, product software quality measures how well a software artifact is designed and coded. Software products must satisfy non-functional properties (e.g., reliability, usability, understandability, maintainability) in order to make maintenance and evolution sustainable in the long run. Software evolution is an issue of interest for malware writers too, for two reasons. First, in order to evade detection with minimum effort, malware writers tend to produce "variants", obtained by applying small changes to existing malware. Moreover, recent studies have demonstrated that malware is steadily improving its evasion strategies and infection mechanisms and is using increasingly complex payloads. This suggests that malware writers are devoting considerable effort and skill to producing high-quality software. For this reason, we wonder whether malware writers are also devoting effort to improving the structural quality of their code, as happens in the development of goodware. To investigate this question, we (i) characterize a dataset containing about 20,000 Android applications, divided into goodware and malware, according to the Android API version they require, and (ii) compute software quality metrics, divided into 4 categories (i.e., dimensional metrics, complexity metrics, object-oriented metrics and Android-oriented metrics), for the apps belonging to each population. We then identify evolution trends of these metrics in malware and goodware. The results of our study demonstrate that goodware and malicious applications exhibit similar evolution trends for some of the quality indicators, suggesting that malware writers care about the overall quality of their code. Code quality could be considered an indirect measure of how many variants of existing malware will be released in the wild, and how fast.
Journal of Software: Evolution and Process, 2018

External authors: Andrea Di Sorbo (Dipartimento di Ingegneria, Università degli Studi del Sannio), Corrado Aaron Visaggio (Dipartimento di Ingegneria, Università degli Studi del Sannio), Aniello Cimitile (Dipartimento di Ingegneria, Università degli Studi del Sannio)
IIT authors: Francesco Mercaldo

Type: ISI journal article
Field of reference: Computer Science & Engineering

File: jsep-2017-candidate.pdf

Activity: Security of mobile devices