Application of genetic algorithms for malware obfuscation and static vulnerability analysis in Android environments

As digitisation grows, from social media to banking applications, malicious software (malware) threats have become increasingly problematic. A large proportion of malware is developed directly based on previous malware samples. This allows low-skilled developers to modify known malware and reap the benefits. This dissertation highlights how effective a standard programming paradigm, and a low-performance computer can be in evading modern antivirus systems, demonstrating that the security for mobile applications can be overcome without the need for high-performance computers. This dissertation aims to provide a standardised way to make Android application code unrecognisable/hide its characteristics (obfuscate), highlighting security vulnerabilities without the need for professional knowledge on the subject. Obfuscation can be used for legitimate purposes, such as protecting intellectual property and hiding sensitive information or vulnerabilities in software code; conversely, it has the illegitimate purpose of making malware more evasive. In this dissertation, a program was developed using a genetic algorithm combined with several preexisting tools and then tested using malicious Android applications. The contributions of this research are two-fold. Firstly, existing research was recreated using recent Android applications rather than pre-1995 DOS-era applications, making its insights relevant to current computer systems. Secondly, achieving this with standard computer resources (i.e., not a high-performance computer), as is typically used in related research, broadens the audience to which the results are applicable. Key findings from this research are that, with obfuscation methods built in the year 2020, a genetic algorithm can find sequences of obfuscation that can bypass antivirus systems in 2025. The program achieved this with only control and data flow manipulation-based obfuscation and produced good results with a population of five after twenty-one generations. This finding is significant because the methods used are not highly complex to implement, and in terms of computer technology, five years is a significant amount of time.