Similarity-based Android malware detection using Hamming distance of static binary features

Rahim Taheri, Meysam Ghahramani, Reza Javidan, Mohammad Shojafar*, Zahra Pooranian, Mauro Conti

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

Abstract

In this paper, we develop four malware detection methods using Hamming distance to find similarity between samples which are first nearest neighbors (FNN), all nearest neighbors (ANN), weighted all nearest neighbors (WANN), and k-medoid based nearest neighbors (KMNN). In our proposed methods, we can trigger the alarm if we detect an Android app is malicious. Hence, our solutions help us to avoid the spread of detected malware on a broader scale. We provide a detailed description of the proposed detection methods and related algorithms. We include an extensive analysis to assess the suitability of our proposed similarity-based detection methods. In this way, we perform our experiments on three datasets, including benign and malware Android apps like Drebin, Contagio, and Genome. Thus, to corroborate the actual effectiveness of our classifier, we carry out performance comparisons with some state-of-the-art classification and malware detection algorithms, namely Mixed and Separated solutions, the program dissimilarity measure based on entropy (PDME) and the FalDroid algorithms. We test our experiments in a different type of features: API, intent, and permission features on these three datasets. The results confirm that accuracy rates of proposed algorithms are more than 90% and in some cases (i.e., considering API features) are more than 99%, and are comparable with existing state-of-the-art solutions.

Original languageEnglish
Pages (from-to)230-247
Number of pages18
JournalFuture Generation Computer Systems
Volume105
Early online date9 Dec 2019
DOIs
Publication statusPublished - 1 Apr 2020

Keywords

  • Android
  • Clustering
  • Hamming distance
  • K-nearest neighbor (KNN)
  • Malware detection
  • Static analysis

Fingerprint

Dive into the research topics of 'Similarity-based Android malware detection using Hamming distance of static binary features'. Together they form a unique fingerprint.

Cite this