Paper Info
Title
AndroSimilar: Robust signature for detecting variants of Android malware
Abstract
Android Smartphone popularity has increased malware threats forcing security researchers and AntiVirus (AV) industry to carve out smart methods to defend Smartphone against malicious apps. Robust signature based solutions to mitigate threats become necessary to protect the Smartphone and confidential user data. Here we present AndroSimilar, an approach which generates signatures by extracting statistically robust features, to detect malicious Android apps. Proposed method is effective against code obfuscation and repackaging, widely used techniques to propagate unseen variants of known malware by evading AV signatures. AndroSimilar is a syntactic foot-printing mechanism that finds regions of statistical similarity with known malware to detect those unknown, zero day samples. We also show that syntactic similarity considering whole app, rather than just embedded DEX file is more effective, contrary to known fuzzy hashing approach. We also apply clustering algorithm to identify small set of family signatures to reduce overall signature database size. Proposed approach can be refined to deploy as Smartphone AV.
Year
DOI
Venue
2015
10.1016/j.jisa.2014.10.011
Journal of Information Security and Applications
Keywords
Field
DocType
Android malware,Code obfuscation,Similarity digest,Statistical features
Cryptovirology,Android (operating system),Computer science,Computer security,Fuzzy logic,Android malware,Hash function,Obfuscation (software),Cluster analysis,Malware
Journal
Volume
ISSN
Citations 
22
2214-2126
22
PageRank 
References 
Authors
0.77
13
5
Name
Order
Citations
PageRank
Parvez Faruki120511.95
Vijay Laxmi247857.09
Ammar Bharmal3552.72
Manoj S. Gaur450163.38
Vijay Ganmoor5532.36