Android Malware Clustering using Community Detection on Android Packages Similarity Network

by ElMouatez Billah Karbab, et al.

The daily number of malicious Android applications (apps) targeting the app repositories is increasing, and their volume is overwhelming the fingerprinting process. To address this issue, we propose an enhanced Cypider framework, a set of techniques and tools that performs systematic detection of mobile malware by building a scalable, obfuscation-resilient similarity network of malicious apps. Our approach rests on our proposed concept of a malicious community: malicious instances that share common features are most likely members of the same malware family. Building on this concept, we assume that multiple similar Android apps from different authors are most likely malicious. Cypider leverages this assumption to detect variants of known malware families as well as zero-day malicious apps. Cypider applies community detection algorithms to the similarity network, extracting sub-graphs that are treated as suspicious, and possibly malicious, communities. Furthermore, we propose a novel fingerprinting technique, the community fingerprint, based on a one-class machine learning model trained for each malicious community. In addition, the enhanced Cypider framework requires 650x less memory and 700x less time to build the similarity network than the original version, without affecting the fingerprinting performance of the framework. We also introduce a systematic approach for locating the best threshold on different feature content vectors, which simplifies the overall detection process.




DaDiDroid: An Obfuscation Resilient Tool for Detecting Android Malware via Weighted Directed Call Graph Modelling

With the number of new mobile malware instances increasing by over 50% a...

Automatic Investigation Framework for Android Malware Cyber-Infrastructures

The popularity of Android system, not only in the handset devices but al...

Discovering Communities of Malapps on Android-based Mobile Cyber-physical Systems

Android-based devices like smartphones have become ideal mobile cyber-ph...

Responding to Living-Off-the-Land Tactics using Just-in-Time Memory Forensics (JIT-MF) for Android

Digital investigations of stealthy attacks on Android devices pose parti...

Illegal But Not Malware: An Underground Economy App Detection System Based on Usage Scenario

This paper focuses on mobile apps serving the underground economy by pro...

Maat: Automatically Analyzing VirusTotal for Accurate Labeling and Effective Malware Detection

The malware analysis and detection research community relies on the onli...

MaMaDroid2.0 – The Holes of Control Flow Graphs

Android malware is a continuously expanding threat to billions of mobile...
