Android Malware and Variant Detection Framework Leveraging Similarity Hashes


Welcome to the Bahria University DSpace digital repository. DSpace is a digital service that collects, preserves, and distributes digital material. Repositories are important tools for preserving an organization's legacy; they facilitate digital preservation and scholarly communication.


dc.contributor.author Alina Khalid, 01-247212-002
dc.date.accessioned 2023-12-19T05:05:33Z
dc.date.available 2023-12-19T05:05:33Z
dc.date.issued 2023
dc.identifier.uri http://hdl.handle.net/123456789/16845
dc.description Supervised by Dr. Faisal Bashir en_US
dc.description.abstract In the growing world of technology, the frequency and magnitude of cyber attacks are increasing day by day. The most popular operating systems are the most prone to these attacks. Android holds a major share of the OS market and therefore faces the challenge of frequent and sophisticated malware attacks. This malware is created in a way that bypasses network security systems. The major categories of malware remain the same; however, small modifications can make a malware sample act differently and hence make it challenging to identify. Various techniques and algorithms are used for the identification and categorization of these variants to improve security and incident response. Fuzzy hashes are used to calculate the similarity index between files to identify malicious sections inside a seemingly legitimate file. In this paper, research has been conducted to evaluate and improve the working, accuracy, and reliability of fuzzy hashes of static features of APK files in detecting Android malware and classifying its variants. In contrast to conventional research methodologies, our study adopts a distinctive static feature-based fuzzy hashing technique for the detection of malware and its variants. This approach has enabled us to achieve promising results in our experiments. We selected a dataset consisting of 2000 APK files, containing both malicious and benign samples. For variant identification and family classification, we selected random malware families from six distinct categories: trojan, adware, spyware, virus, downloader, and hacktool. Through rigorous experimentation, our findings have demonstrated a significant improvement in key metrics such as precision, recall, and the F-Measure. These improvements collectively contribute to an overall enhancement in accuracy, reaching 96.67%, all without dependence on intricate machine learning or deep learning methods. en_US
dc.language.iso en en_US
dc.publisher Computer Sciences en_US
dc.relation.ispartofseries MS (IS);T-02080
dc.subject Android Malware en_US
dc.subject Variant Detection en_US
dc.subject Framework Leveraging en_US
dc.title Android Malware and Variant Detection Framework Leveraging Similarity Hashes en_US
dc.type Thesis en_US

