- Jungsoo Park
  Soongsil University, Seoul, Korea
  jspark@ssu.ac.kr
- Souhwan Jung
  Soongsil University, Seoul, Korea
  sohwanj@ssu.ac.kr
Android Adware Detection using Soot and CFG
Adware is the most common type of malware. While it is not considered harmful in nature, it disrupts the user experience and generates unwanted revenue. Adware is also difficult to analyze and detect, so it is actively distributed through the Google Play Store. Existing approaches to detecting known adware are slow, because prolonged dynamic analysis is needed to reveal ads, and network traffic analysis has difficulty classifying traffic such as multimedia streaming, which results in a high probability of false positives. In this paper, we introduce a method to efficiently detect adware using static analysis. CFG (Control Flow Graph) analysis was performed using Soot to identify adware signatures. 52 signatures were obtained through analysis of 1000 samples, and the optimized detection efficiency was measured while changing the depth (level) of the CFG. In addition, the method achieves 91.92% accuracy when analyzing 1380 normal and 4490 adware samples. This approach reaches a detection rate similar to that of existing dynamic analysis in a shorter time, and it does not require the operation check that previous dynamic analysis approaches need.