AndroSimilar: robust statistical feature signature for Android malware detection

Authors:
Parvez Faruki;Vijay Ganmoor;Vijay Laxmi;M. S. Gaur;Ammar Bharmal
Affiliations:
Malaviya National Institute of Technology, Jaipur, India;Malaviya National Institute of Technology, Jaipur, India;Malaviya National Institute of Technology, Jaipur, India;Malaviya National Institute of Technology, Jaipur, India;Malaviya National Institute of Technology, Jaipur, India
Venue:
Proceedings of the 6th International Conference on Security of Information and Networks
Year:
2013

Citing 11
Cited 0

A methodology for empirical analysis of permission-based security models and its application to android

Proceedings of the 17th ACM conference on Computer and communications security
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones

OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
A study of android application security

SEC'11 Proceedings of the 20th USENIX conference on Security
Android permissions demystified

Proceedings of the 18th ACM conference on Computer and communications security
Detecting repackaged smartphone applications in third-party android marketplaces

Proceedings of the second ACM conference on Data and Application Security and Privacy
PEAL--Packed executable analysis

ADCONS'11 Proceedings of the 2011 international conference on Advanced Computing, Networking and Security
An evaluation of forensic similarity hashes

Digital Investigation: The International Journal of Digital Forensics & Incident Response
Identifying almost identical files using context triggered piecewise hashing

Digital Investigation: The International Journal of Digital Forensics & Incident Response
RiskRanker: scalable and accurate zero-day android malware detection

Proceedings of the 10th international conference on Mobile systems, applications, and services
Dissecting Android Malware: Characterization and Evolution

SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy
ADAM: an automatic and extensible platform to stress test android anti-virus systems

DIMVA'12 Proceedings of the 9th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment

Quantified Score

Hi-index	0.00

Visualization

Abstract

Android Smartphone popularity has increased malware threats forcing security researchers and AntiVirus (AV) industry to carve out smart methods to defend Smartphone against malicious apps. Robust signature based solutions to mitigate threats become necessary to protect the Smartphone and confidential user data. In this paper we present AndroSimilar, a robust approach which generates signature by extracting statistically improbable features, to detect malicious Android apps. Proposed method is effective against code obfuscation and repackaging, widely used techniques to evade AV signature and to propagate unseen variants of known malware. AndroSimilar is a syntactic foot-printing mechanism that finds regions of statistical similarity with known malware to detect those unknown, zero day samples. Syntactic file similarity of whole file is considered instead of just opcodes for faster detection compared to known fuzzy hashing approaches. Results demonstrate robust detection of variants of known malware families. Proposed approach can be refined to deploy as Smartphone AV.