Android malware detection via an app similarity graph

Due to the ever-increasing number of Android applications and constant advances in software development techniques, there is a need for scalable and flexible malware detectors that can efficiently address big data challenges. Motivated by large-scale recommender systems, we propose a static Android application analysis method which relies on an app similarity graph (ASG). We believe that the key to classifying app's behavior lies in their common reusable building blocks, e.g. functions, in contrast to expert based features. We demonstrate our method on the Drebin benchmark in both balanced and unbalanced settings, on a brand new VTAz dataset from 2020, and on a dataset of approximately 190K applications provided by VirusTotal, achieving an accuracy of 0.975 in balanced settings, and AUC score of 0.987. The analysis and classification time of the proposed methods are notably lower than in the reviewed research (from 0.08 to 0.153 sec/app). (c) 2021 Elsevier Ltd. All rights reserved.

Automated summary

In order to effectively address the increasing number of Android applications and advancements in software development, a static Android application analysis method based on an app similarity graph (ASG) is proposed. The method achieves high accuracy and AUC values on different datasets in both balanced and unbalanced settings.