Similarity-based Android malware detection using Hamming distance of static binary features

In this paper, we develop four malware detection methods using Hamming distance to find similarity between samples which are first nearest neighbors (FNN), all nearest neighbors (ANN), weighted all nearest neighbors (WANN), and k-medoid based nearest neighbors (KMNN). In our proposed methods, we can...

Celý popis

Uložené v:
Podrobná bibliografia
Vydané v:Future generation computer systems Ročník 105; s. 230 - 247
Hlavní autori: Taheri, Rahim, Ghahramani, Meysam, Javidan, Reza, Shojafar, Mohammad, Pooranian, Zahra, Conti, Mauro
Médium: Journal Article
Jazyk:English
Vydavateľské údaje: Elsevier B.V 01.04.2020
Predmet:
Android
Clustering
Hamming distance
K-nearest neighbor (KNN)
Malware detection
Static analysis
Hamming distance
Clustering
Malware detection
K-nearest neighbor (KNN)
Static analysis
Android
ISSN:0167-739X
On-line prístup:Získať plný text
Tagy: Pridať tag
Žiadne tagy, Buďte prvý, kto otaguje tento záznam!
Abstract In this paper, we develop four malware detection methods using Hamming distance to find similarity between samples which are first nearest neighbors (FNN), all nearest neighbors (ANN), weighted all nearest neighbors (WANN), and k-medoid based nearest neighbors (KMNN). In our proposed methods, we can trigger the alarm if we detect an Android app is malicious. Hence, our solutions help us to avoid the spread of detected malware on a broader scale. We provide a detailed description of the proposed detection methods and related algorithms. We include an extensive analysis to assess the suitability of our proposed similarity-based detection methods. In this way, we perform our experiments on three datasets, including benign and malware Android apps like Drebin, Contagio, and Genome. Thus, to corroborate the actual effectiveness of our classifier, we carry out performance comparisons with some state-of-the-art classification and malware detection algorithms, namely Mixed and Separated solutions, the program dissimilarity measure based on entropy (PDME) and the FalDroid algorithms. We test our experiments in a different type of features: API, intent, and permission features on these three datasets. The results confirm that accuracy rates of proposed algorithms are more than 90% and in some cases (i.e., considering API features) are more than 99%, and are comparable with existing state-of-the-art solutions. •We prove the similar results achievement of using Hamming distance with others.•We propose four scenarios for malware detection using Hamming distances.•We obtain the maximum achievable accuracy with the Hamming distance as a threshold.•We evaluate our methods using three standard datasets and various features.•We compare our malware detection methods against three cutting-edge solutions.
AbstractList In this paper, we develop four malware detection methods using Hamming distance to find similarity between samples which are first nearest neighbors (FNN), all nearest neighbors (ANN), weighted all nearest neighbors (WANN), and k-medoid based nearest neighbors (KMNN). In our proposed methods, we can trigger the alarm if we detect an Android app is malicious. Hence, our solutions help us to avoid the spread of detected malware on a broader scale. We provide a detailed description of the proposed detection methods and related algorithms. We include an extensive analysis to assess the suitability of our proposed similarity-based detection methods. In this way, we perform our experiments on three datasets, including benign and malware Android apps like Drebin, Contagio, and Genome. Thus, to corroborate the actual effectiveness of our classifier, we carry out performance comparisons with some state-of-the-art classification and malware detection algorithms, namely Mixed and Separated solutions, the program dissimilarity measure based on entropy (PDME) and the FalDroid algorithms. We test our experiments in a different type of features: API, intent, and permission features on these three datasets. The results confirm that accuracy rates of proposed algorithms are more than 90% and in some cases (i.e., considering API features) are more than 99%, and are comparable with existing state-of-the-art solutions. •We prove the similar results achievement of using Hamming distance with others.•We propose four scenarios for malware detection using Hamming distances.•We obtain the maximum achievable accuracy with the Hamming distance as a threshold.•We evaluate our methods using three standard datasets and various features.•We compare our malware detection methods against three cutting-edge solutions.
Author Shojafar, Mohammad
Taheri, Rahim
Pooranian, Zahra
Ghahramani, Meysam
Javidan, Reza
Conti, Mauro
Author_xml – sequence: 1
  givenname: Rahim
  surname: Taheri
  fullname: Taheri, Rahim
  email: r.taheri@sutech.ac.ir
  organization: Department of Computer Engineering and Information Technology, Shiraz University of Technology, Shiraz, Iran
– sequence: 2
  givenname: Meysam
  surname: Ghahramani
  fullname: Ghahramani, Meysam
  email: m.ghahramani@sutech.ac.ir
  organization: Department of Computer Engineering and Information Technology, Shiraz University of Technology, Shiraz, Iran
– sequence: 3
  givenname: Reza
  surname: Javidan
  fullname: Javidan, Reza
  email: javidan@sutech.ac.ir
  organization: Department of Computer Engineering and Information Technology, Shiraz University of Technology, Shiraz, Iran
– sequence: 4
  givenname: Mohammad
  surname: Shojafar
  fullname: Shojafar, Mohammad
  email: m.shojafar@surrey.ac.uk
  organization: ICS/5GIC, University of Surrey, Guildford GU27XH, UK
– sequence: 5
  givenname: Zahra
  surname: Pooranian
  fullname: Pooranian, Zahra
  email: zahra@math.unipd.it
  organization: Department of Mathematics, University of Padua, Via Trieste 63, Padua, 35131, Italy
– sequence: 6
  givenname: Mauro
  surname: Conti
  fullname: Conti, Mauro
  email: conti@math.unipd.it
  organization: Department of Mathematics, University of Padua, Via Trieste 63, Padua, 35131, Italy
BookMark eNqFkM1KAzEUhbOoYKu-gYu8wIxJ5t-FUIpaoeDCLgQXIZPcyC2djCSp0rc3Q1250NW5cDmHc74FmbnRASHXnOWc8fpml9tDPHjIBeNdznnOinJG5unVZE3RvZ6TRQg7xhhvCj4nby844F55jMesVwEMXTrjRzR0UPsv5YEaiKAjjo4eArp3ulbDMKnBEJXTQEdL0xVR0x6d8kdqQU0NwiU5s2of4OpHL8j24X67Wmeb58en1XKT6YLVMQNhu743QoHQneoqaG1V8aYWBbSCa-hsejJVqtIKK5RQVneiND2r24rrtrggt6dY7ccQPFipceozuugV7iVnciIjd_JERk5kJOcykUnm8pf5w-OQVvxnuzvZIO36RPAyaIREw6BPtKQZ8e-Ab07ahy8
CitedBy_id crossref_primary_10_1016_j_jisa_2024_103880
crossref_primary_10_1016_j_tcs_2022_07_018
crossref_primary_10_1007_s11227_024_05916_1
crossref_primary_10_1007_s12530_022_09471_z
crossref_primary_10_5194_ms_13_55_2022
crossref_primary_10_1080_23335777_2025_2510423
crossref_primary_10_1109_ACCESS_2021_3069210
crossref_primary_10_1155_2022_8621083
crossref_primary_10_1038_s41598_022_19443_7
crossref_primary_10_1109_TCSVT_2023_3275814
crossref_primary_10_7717_peerj_cs_907
crossref_primary_10_1109_ACCESS_2022_3189645
crossref_primary_10_3390_sym12050858
crossref_primary_10_1016_j_eswa_2020_114348
crossref_primary_10_1109_ACCESS_2021_3079370
crossref_primary_10_1109_TC_2023_3291998
crossref_primary_10_1007_s10489_023_04482_y
crossref_primary_10_1016_j_eswa_2023_123109
crossref_primary_10_1186_s42400_022_00119_8
crossref_primary_10_1016_j_eswa_2024_124095
crossref_primary_10_1155_2023_8227751
crossref_primary_10_1016_j_eswa_2023_122255
crossref_primary_10_1007_s10586_023_04033_7
crossref_primary_10_1007_s11192_020_03834_6
crossref_primary_10_1007_s12652_023_04557_1
crossref_primary_10_3233_JIFS_222612
crossref_primary_10_1016_j_cose_2021_102514
crossref_primary_10_1155_2022_6425583
crossref_primary_10_1016_j_cose_2025_104379
crossref_primary_10_7717_peerj_cs_533
crossref_primary_10_1007_s00521_021_05816_y
crossref_primary_10_1016_j_future_2025_108092
crossref_primary_10_1007_s10207_023_00712_z
crossref_primary_10_1109_ACCESS_2025_3589656
crossref_primary_10_1016_j_cose_2024_103778
crossref_primary_10_1109_ACCESS_2021_3062735
crossref_primary_10_1016_j_neucom_2025_131486
crossref_primary_10_1007_s10462_022_10143_2
crossref_primary_10_1108_IJWIS_03_2024_0095
crossref_primary_10_1111_exsy_13684
crossref_primary_10_3390_fi12090145
crossref_primary_10_1371_journal_pone_0276332
crossref_primary_10_3390_info12050185
crossref_primary_10_1016_j_compeleceng_2021_107443
crossref_primary_10_1007_s10207_024_00822_2
crossref_primary_10_1371_journal_pone_0247119
crossref_primary_10_1109_ACCESS_2024_3485917
crossref_primary_10_3390_electronics13030482
crossref_primary_10_3390_jmse9121458
crossref_primary_10_1016_j_measen_2023_100955
crossref_primary_10_1016_j_rineng_2025_104450
crossref_primary_10_1080_19393555_2020_1767239
crossref_primary_10_1002_gdj3_234
crossref_primary_10_1016_j_iot_2024_101300
crossref_primary_10_1016_j_icte_2021_09_003
crossref_primary_10_1155_2020_2835023
crossref_primary_10_1007_s00500_025_10489_z
crossref_primary_10_1002_spy2_70053
crossref_primary_10_3390_systems11110547
crossref_primary_10_1016_j_jnca_2024_104035
crossref_primary_10_1016_j_comnet_2021_107932
crossref_primary_10_1016_j_cose_2023_103654
crossref_primary_10_1080_01605682_2021_1992310
crossref_primary_10_1371_journal_pone_0270647
crossref_primary_10_3390_math12101437
crossref_primary_10_1016_j_jisa_2021_102929
crossref_primary_10_1049_ntw2_12022
crossref_primary_10_1080_1206212X_2021_1885150
crossref_primary_10_1007_s42454_024_00055_7
crossref_primary_10_1016_j_engappai_2023_107390
crossref_primary_10_1016_j_cose_2022_102670
crossref_primary_10_1186_s40537_025_01157_y
crossref_primary_10_1155_2022_5108338
crossref_primary_10_1016_j_patrec_2021_02_004
crossref_primary_10_3390_electronics10020186
crossref_primary_10_1016_j_comnet_2021_108618
crossref_primary_10_1007_s10586_022_03717_w
crossref_primary_10_1093_comjnl_bxac114
crossref_primary_10_1109_TDSC_2024_3352604
crossref_primary_10_1016_j_eswa_2023_121617
crossref_primary_10_1109_ACCESS_2020_3002842
crossref_primary_10_1016_j_iot_2024_101320
crossref_primary_10_1155_2021_8736946
crossref_primary_10_3390_electronics13173553
crossref_primary_10_1016_j_eswa_2025_127888
crossref_primary_10_1002_cpe_6980
crossref_primary_10_1016_j_future_2021_02_015
crossref_primary_10_3390_s22176562
crossref_primary_10_1007_s42154_022_00205_0
crossref_primary_10_1111_exsy_13488
crossref_primary_10_1108_IJPCC_06_2022_0236
crossref_primary_10_3390_math8030410
crossref_primary_10_1109_ACCESS_2020_3008433
crossref_primary_10_1016_j_cose_2021_102386
crossref_primary_10_1145_3717607
crossref_primary_10_47164_ijngc_v13i3_807
crossref_primary_10_1016_j_future_2022_08_002
crossref_primary_10_1007_s11416_023_00506_w
crossref_primary_10_1007_s10586_020_03083_5
crossref_primary_10_1186_s13104_024_06791_y
crossref_primary_10_7717_peerj_cs_1043
crossref_primary_10_1016_j_neucom_2020_09_082
crossref_primary_10_1080_19393555_2021_1934198
Cites_doi 10.1109/TIFS.2018.2879302
10.1109/TST.2016.7399288
10.1007/s11416-013-0184-5
10.1109/TIFS.2018.2806891
10.1080/0161-119591883944
10.1109/SP.2012.16
10.1109/ACCESS.2019.2896003
10.1016/j.future.2017.01.019
10.1007/s11416-012-0171-2
10.1016/j.cose.2019.02.007
10.1109/MSP.2009.26
10.1016/j.neucom.2019.01.105
10.1016/j.future.2018.02.001
10.1016/j.eswa.2008.01.039
10.1016/j.future.2019.03.006
10.1109/ACCESS.2018.2844349
10.1016/j.patrec.2010.03.014
10.1007/s11416-016-0277-z
10.14722/ndss.2014.23247
ContentType Journal Article
Copyright 2019 Elsevier B.V.
Copyright_xml – notice: 2019 Elsevier B.V.
DBID AAYXX
CITATION
DOI 10.1016/j.future.2019.11.034
DatabaseName CrossRef
DatabaseTitle CrossRef
DatabaseTitleList
DeliveryMethod fulltext_linktorsrc
Discipline Computer Science
EndPage 247
ExternalDocumentID 10_1016_j_future_2019_11_034
S0167739X19315122
GroupedDBID --K
--M
-~X
.DC
.~1
0R~
1B1
1~.
1~5
29H
4.4
457
4G.
5GY
5VS
7-5
71M
8P~
9JN
AAEDT
AAEDW
AAIKJ
AAKOC
AALRI
AAOAW
AAQFI
AAQXK
AATTM
AAXKI
AAXUO
AAYFN
AAYWO
ABBOA
ABDPE
ABFNM
ABJNI
ABMAC
ABWVN
ABXDB
ACDAQ
ACGFS
ACNNM
ACRLP
ACRPL
ACZNC
ADBBV
ADEZE
ADJOM
ADMUD
ADNMO
AEBSH
AEIPS
AEKER
AFJKZ
AFTJW
AGCQF
AGHFR
AGQPQ
AGUBO
AGYEJ
AHHHB
AHZHX
AIALX
AIEXJ
AIIUN
AIKHN
AITUG
ALMA_UNASSIGNED_HOLDINGS
AMRAJ
ANKPU
AOUOD
APXCP
ASPBG
AVWKF
AXJTR
AZFZN
BKOJK
BLXMC
CS3
EBS
EFJIC
EFKBS
EFLBG
EJD
EO8
EO9
EP2
EP3
F5P
FDB
FEDTE
FGOYB
FIRID
FNPLU
FYGXN
G-Q
GBLVA
GBOLZ
HLZ
HVGLF
HZ~
IHE
J1W
KOM
LG9
M41
MO0
MS~
N9A
O-L
O9-
OAUVE
OZT
P-8
P-9
PC.
Q38
R2-
ROL
RPZ
SBC
SDF
SDG
SES
SEW
SPC
SPCBC
SSV
SSZ
T5K
UHS
WUQ
XPP
ZMT
~G-
~HD
9DU
AAYXX
ACLOT
CITATION
ID FETCH-LOGICAL-c306t-e2f9bbd2ae2c9a95e8f5517623e821ce9fbd20a4a4f2f2a2afc924db06851c83
ISICitedReferencesCount 124
ISICitedReferencesURI http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=000515213000017&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D
ISSN 0167-739X
IngestDate Sat Nov 29 06:59:54 EST 2025
Tue Nov 18 21:56:59 EST 2025
Sat Sep 13 17:02:33 EDT 2025
IsPeerReviewed true
IsScholarly true
Keywords Hamming distance
Clustering
Malware detection
K-nearest neighbor (KNN)
Static analysis
Android
Language English
LinkModel OpenURL
MergedId FETCHMERGED-LOGICAL-c306t-e2f9bbd2ae2c9a95e8f5517623e821ce9fbd20a4a4f2f2a2afc924db06851c83
PageCount 18
ParticipantIDs crossref_citationtrail_10_1016_j_future_2019_11_034
crossref_primary_10_1016_j_future_2019_11_034
elsevier_sciencedirect_doi_10_1016_j_future_2019_11_034
PublicationCentury 2000
PublicationDate April 2020
2020-04-00
PublicationDateYYYYMMDD 2020-04-01
PublicationDate_xml – month: 04
  year: 2020
  text: April 2020
PublicationDecade 2020
PublicationTitle Future generation computer systems
PublicationYear 2020
Publisher Elsevier B.V
Publisher_xml – name: Elsevier B.V
References Vidas, Christin (b34) 2014
Bläsing, Batyuk, Schmidt, Camtepe, Albayrak (b39) 2010
Faruki, Ganmoor, Laxmi, Gaur, Bharmal (b32) 2013
(b29) 2018
Meng, Xiong, Huang, Qin, Jin, Yan (b12) 2019; 341
Razaque, Xihao, Liangjie, Almiani, Jararweh, Khan (b6) 2018
Genuer, Poggi, Tuleau-Malot (b25) 2010; 31
Canfora, Medvet, Mercaldo, Visaggio (b31) 2016
Yuan, Lu, Xue (b36) 2016; 21
(b37) 2019
Wang, Li, Wang, Liu, Zhang (b8) 2018; 78
X. Jiang, Y. Zhou, Dissecting android malware: Characterization and evolution, in: Proc. of IEEE S&P, 2012, pp. 95–109.
(b2) 2019
Vicente (b3) 2018
Martín, Hernández, de los Santos (b15) 2019
Wang, Li, Wang, Liu, Zhang (b20) 2018; 78
Han, Xue, Wang, Huang, Kong, Mao (b11) 2019; 83
D. Arp, M. Spreitzenbarth, M. Hubner, H. Gascon, K. Rieck, C. Siemens, Drebin: Effective and explainable detection of android malware in your pocket, in: Ndss, Vol. 14, 2014, pp. 23–26.
Chen, Xue, Tang, Xu, Zhu (b27) 2016
Park, Jun (b44) 2009; 36
Enck, Ongtang, McDaniel (b35) 2009; 7
Feng, Ma, Sun, Xu, Ma (b13) 2018; 6
(b4) 2009
Demontis (b43) 2018; PP
Cai, Meng, Ryder, Yao (b10) 2019; 14
Shanmugam, Low, Stamp (b18) 2013; 9
(b5) 2017
Al-Sharif, Al-Saleh, Alawneh, Jararweh, Gupta (b9) 2018
Fan, Liu, Luo, Chen, Tian, Zheng, Liu (b21) 2018; 13
Zhang (b28) 2014
(b38) 2019
Fereidooni, Conti, Yao, Sperduti (b30) 2016
Radkani, Hashemi, Keshavarz-Haddad, Haeri (b19) 2018
Roussev (b33) 2009
(b1) 2019
P. Vinod, R. Jaipur, V. Laxmi, M. Gaur, Survey on malware detection methods, in: Proceedings of the 3rd Hackers’ Workshop on Computer and Internet Security, IITKHACK’09, 2009, pp. 74–79.
Toderici, Stamp (b42) 2013; 9
Rad, Masrom, Ibrahim, Ibrahim (b17) 2011
(b46) 2019
Ma, Ge, Liu, Zhao, Ma (b14) 2019; 7
Jakobsen (b40) 1995; 19
Saracino (b24) 2016
Rad, Masrom (b41) 2011
Kumar, Kuppusamy, Aghila (b16) 2018; 83
Varsha, Vinod, Dhanya (b22) 2017; 13
Xiong (b23) 2018
(10.1016/j.future.2019.11.034_b2) 2019
Xiong (10.1016/j.future.2019.11.034_b23) 2018
Jakobsen (10.1016/j.future.2019.11.034_b40) 1995; 19
(10.1016/j.future.2019.11.034_b46) 2019
Enck (10.1016/j.future.2019.11.034_b35) 2009; 7
Wang (10.1016/j.future.2019.11.034_b20) 2018; 78
Radkani (10.1016/j.future.2019.11.034_b19) 2018
Han (10.1016/j.future.2019.11.034_b11) 2019; 83
Feng (10.1016/j.future.2019.11.034_b13) 2018; 6
Genuer (10.1016/j.future.2019.11.034_b25) 2010; 31
Fereidooni (10.1016/j.future.2019.11.034_b30) 2016
Kumar (10.1016/j.future.2019.11.034_b16) 2018; 83
Rad (10.1016/j.future.2019.11.034_b17) 2011
Vidas (10.1016/j.future.2019.11.034_b34) 2014
Al-Sharif (10.1016/j.future.2019.11.034_b9) 2018
(10.1016/j.future.2019.11.034_b38) 2019
10.1016/j.future.2019.11.034_b7
Vicente (10.1016/j.future.2019.11.034_b3) 2018
Demontis (10.1016/j.future.2019.11.034_b43) 2018; PP
(10.1016/j.future.2019.11.034_b1) 2019
Cai (10.1016/j.future.2019.11.034_b10) 2019; 14
Fan (10.1016/j.future.2019.11.034_b21) 2018; 13
10.1016/j.future.2019.11.034_b26
10.1016/j.future.2019.11.034_b45
Ma (10.1016/j.future.2019.11.034_b14) 2019; 7
Faruki (10.1016/j.future.2019.11.034_b32) 2013
Razaque (10.1016/j.future.2019.11.034_b6) 2018
Zhang (10.1016/j.future.2019.11.034_b28) 2014
Toderici (10.1016/j.future.2019.11.034_b42) 2013; 9
Roussev (10.1016/j.future.2019.11.034_b33) 2009
(10.1016/j.future.2019.11.034_b29) 2018
(10.1016/j.future.2019.11.034_b5) 2017
Canfora (10.1016/j.future.2019.11.034_b31) 2016
Shanmugam (10.1016/j.future.2019.11.034_b18) 2013; 9
Wang (10.1016/j.future.2019.11.034_b8) 2018; 78
Meng (10.1016/j.future.2019.11.034_b12) 2019; 341
Varsha (10.1016/j.future.2019.11.034_b22) 2017; 13
Park (10.1016/j.future.2019.11.034_b44) 2009; 36
(10.1016/j.future.2019.11.034_b4) 2009
Martín (10.1016/j.future.2019.11.034_b15) 2019
(10.1016/j.future.2019.11.034_b37) 2019
Saracino (10.1016/j.future.2019.11.034_b24) 2016
Yuan (10.1016/j.future.2019.11.034_b36) 2016; 21
Chen (10.1016/j.future.2019.11.034_b27) 2016
Bläsing (10.1016/j.future.2019.11.034_b39) 2010
Rad (10.1016/j.future.2019.11.034_b41) 2011
References_xml – year: 2019
  ident: b2
  article-title: Sophos mobile security threat reports
– start-page: 377
  year: 2016
  end-page: 388
  ident: b27
  article-title: Stormdroid: A streaminglized machine learning-based system for detecting android malware
  publication-title: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security
– volume: 78
  start-page: 987
  year: 2018
  end-page: 994
  ident: b20
  article-title: Detecting Android malicious apps and categorizing benign apps with ensemble of classifiers
  publication-title: Future Gener. Comput. Syst.
– start-page: 239
  year: 2018
  end-page: 243
  ident: b6
  article-title: Naïve Bayesian And fuzzy c-means algorithm for mobile malware detection precision
  publication-title: 2018 Fifth International Conference on Internet of Things: Systems, Management and Security
– year: 2018
  ident: b3
  article-title: Kaspersky security bulletin 2018
– reference: X. Jiang, Y. Zhou, Dissecting android malware: Characterization and evolution, in: Proc. of IEEE S&P, 2012, pp. 95–109.
– year: 2019
  ident: b46
  article-title: Contagio dataset
– volume: 7
  start-page: 21235
  year: 2019
  end-page: 21245
  ident: b14
  article-title: A combination method for android malware detection based on control flow graphs and machine learning algorithms
  publication-title: IEEE Access
– start-page: 1105
  year: 2014
  end-page: -1116
  ident: b28
  article-title: Drebin: Effective and explainable detection of Android malware in your pocket
  publication-title: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security
– year: 2017
  ident: b5
  article-title: GData
– volume: 78
  start-page: 987
  year: 2018
  end-page: 994
  ident: b8
  article-title: Detecting Android malicious apps and categorizing benign apps with ensemble of classifiers
  publication-title: Future Gener. Comput. Syst.
– year: 2019
  ident: b1
  article-title: Global mobile statistics 2014
– reference: D. Arp, M. Spreitzenbarth, M. Hubner, H. Gascon, K. Rieck, C. Siemens, Drebin: Effective and explainable detection of android malware in your pocket, in: Ndss, Vol. 14, 2014, pp. 23–26.
– volume: 21
  start-page: 114
  year: 2016
  end-page: 123
  ident: b36
  article-title: Droiddetector: android malware characterization and detection using deep learning
  publication-title: Tsinghua Sci. Technol.
– year: 2019
  ident: b38
  article-title: 7-Zip
– year: 2009
  ident: b4
  article-title: Google play store statistics 2009
– volume: PP
  year: 2018
  ident: b43
  article-title: Yes, machine learning can be more secure! a case study on android malware detection
  publication-title: IEEE Trans. Dependable Secure Comput.
– start-page: 50
  year: 2016
  end-page: 57
  ident: b31
  article-title: Acquiring and analyzing app metrics for effective mobile malware detection
  publication-title: Proceedings of the 2016 ACM on International Workshop on Security and Privacy Analytics
– volume: 341
  start-page: 10
  year: 2019
  end-page: 25
  ident: b12
  article-title: AppScalpel: Combining static analysis and outlier detection to identify and prune undesirable usage of sensitive data in android applications
  publication-title: Neurocomputing
– volume: 13
  start-page: 1890
  year: 2018
  end-page: 1905
  ident: b21
  article-title: Android malware familial classification and representative sample selection via frequent subgraph analysis
  publication-title: IEEE Trans. Inf. Forensics Secur.
– start-page: 1
  year: 2016
  end-page: 5
  ident: b30
  article-title: ANASTASIA: Android malware detection using static analysis of applications
  publication-title: 2016 8th IFIP International Conference on New Technologies, Mobility and Security
– start-page: 152
  year: 2013
  end-page: 159
  ident: b32
  article-title: AndroSimilar: robust statistical feature signature for Android malware detection
  publication-title: Proceedings of the 6th International Conference on Security of Information and Networks
– start-page: 447
  year: 2014
  end-page: 458
  ident: b34
  article-title: Evading android runtime analysis via sandbox detection
  publication-title: Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security
– start-page: 1
  year: 2009
  end-page: 10
  ident: b33
  article-title: Building a better similarity trap with statistically improbable features
  publication-title: 2009 42nd Hawaii International Conference on System Sciences
– reference: P. Vinod, R. Jaipur, V. Laxmi, M. Gaur, Survey on malware detection methods, in: Proceedings of the 3rd Hackers’ Workshop on Computer and Internet Security, IITKHACK’09, 2009, pp. 74–79.
– volume: 9
  start-page: 1
  year: 2013
  end-page: 14
  ident: b42
  article-title: Chi-squared distance and metamorphic virus detection
  publication-title: J. Comput. Virology Hacking Tech.
– start-page: 411
  year: 2018
  end-page: 422
  ident: b23
  article-title: Android malware detection methods based on the combination of clustering and classification
  publication-title: International Conference on Network and System Security
– year: 2019
  ident: b15
  article-title: Machine-Learning based analysis and classification of Android malware signatures
  publication-title: Future Gener. Comput. Syst.
– start-page: 123
  year: 2011
  end-page: 131
  ident: b17
  article-title: Morphed virus family classification based on opcodes statistical feature using decision tree
  publication-title: International Conference on Informatics Engineering and Information Science
– volume: 83
  start-page: 158
  year: 2018
  end-page: 172
  ident: b16
  article-title: FAMOUS: Forensic analysis of mobile devices using scoring of application permissions
  publication-title: Future Gener. Comput. Syst.
– year: 2011
  ident: b41
  article-title: Metamorphic virus variants classification using opcode frequency histogram
– year: 2018
  ident: b29
  article-title: Android developer dashboard
– volume: 31
  start-page: 2225
  year: 2010
  end-page: 2236
  ident: b25
  article-title: Variable selection using random forests
  publication-title: Pattern Recognit. Lett.
– volume: 13
  start-page: 125
  year: 2017
  end-page: 138
  ident: b22
  article-title: Identification of malicious android app using manifest and opcode features
  publication-title: J. Comput. Virology Hacking Tech.
– volume: 19
  start-page: 265
  year: 1995
  end-page: 274
  ident: b40
  article-title: A fast method for cryptanalysis of substitution ciphers
  publication-title: Cryptologia
– volume: 36
  start-page: 3336
  year: 2009
  end-page: 3341
  ident: b44
  article-title: A simple and fast algorithm for K-medoids clustering
  publication-title: Expert Syst. Appl.
– year: 2018
  ident: b9
  article-title: Live forensics of software attacks on cyber–physical systems
  publication-title: Future Gener. Comput. Syst.
– volume: 9
  start-page: 159
  year: 2013
  end-page: 170
  ident: b18
  article-title: Simple substitution distance and metamorphic detection
  publication-title: J. Comput. Virol. Hacking Tech.
– year: 2016
  ident: b24
  article-title: Madam: Effective and efficient behavior-based Android malware detection and prevention
  publication-title: IEEE Trans. Dependable Secure Comput.
– volume: 7
  start-page: 50
  year: 2009
  end-page: 57
  ident: b35
  article-title: Understanding android security
  publication-title: IEEE Secur. Priv.
– year: 2019
  ident: b37
  article-title: TinyXML
– volume: 14
  start-page: 1455
  year: 2019
  end-page: 1470
  ident: b10
  article-title: Droidcat: Effective android malware detection and categorization via app-level profiling
  publication-title: IEEE Trans. Inf. Forensics Secur.
– start-page: 1
  year: 2018
  end-page: 11
  ident: b19
  article-title: An entropy-based distance measure for analyzing and detecting metamorphic malware
  publication-title: Appl. Intell.
– start-page: 55
  year: 2010
  end-page: 62
  ident: b39
  article-title: An android application sandbox system for suspicious software detection
  publication-title: 2010 5th International Conference on Malicious and Unwanted Software
– volume: 83
  start-page: 208
  year: 2019
  end-page: 233
  ident: b11
  article-title: MalDAE: Detecting and explaining malware based on correlation and fusion of static and dynamic characteristics
  publication-title: Comput. Secur.
– volume: 6
  start-page: 30996
  year: 2018
  end-page: 31011
  ident: b13
  article-title: A novel dynamic android malware detection system with ensemble learning
  publication-title: IEEE Access
– start-page: 1
  year: 2016
  ident: 10.1016/j.future.2019.11.034_b30
  article-title: ANASTASIA: Android malware detection using static analysis of applications
– volume: 14
  start-page: 1455
  issue: 6
  year: 2019
  ident: 10.1016/j.future.2019.11.034_b10
  article-title: Droidcat: Effective android malware detection and categorization via app-level profiling
  publication-title: IEEE Trans. Inf. Forensics Secur.
  doi: 10.1109/TIFS.2018.2879302
– volume: 21
  start-page: 114
  issue: 1
  year: 2016
  ident: 10.1016/j.future.2019.11.034_b36
  article-title: Droiddetector: android malware characterization and detection using deep learning
  publication-title: Tsinghua Sci. Technol.
  doi: 10.1109/TST.2016.7399288
– year: 2018
  ident: 10.1016/j.future.2019.11.034_b9
  article-title: Live forensics of software attacks on cyber–physical systems
  publication-title: Future Gener. Comput. Syst.
– start-page: 1
  year: 2018
  ident: 10.1016/j.future.2019.11.034_b19
  article-title: An entropy-based distance measure for analyzing and detecting metamorphic malware
  publication-title: Appl. Intell.
– year: 2018
  ident: 10.1016/j.future.2019.11.034_b3
– volume: 9
  start-page: 159
  issue: 3
  year: 2013
  ident: 10.1016/j.future.2019.11.034_b18
  article-title: Simple substitution distance and metamorphic detection
  publication-title: J. Comput. Virol. Hacking Tech.
  doi: 10.1007/s11416-013-0184-5
– start-page: 50
  year: 2016
  ident: 10.1016/j.future.2019.11.034_b31
  article-title: Acquiring and analyzing app metrics for effective mobile malware detection
– start-page: 123
  year: 2011
  ident: 10.1016/j.future.2019.11.034_b17
  article-title: Morphed virus family classification based on opcodes statistical feature using decision tree
– year: 2019
  ident: 10.1016/j.future.2019.11.034_b38
– volume: 13
  start-page: 1890
  issue: 8
  year: 2018
  ident: 10.1016/j.future.2019.11.034_b21
  article-title: Android malware familial classification and representative sample selection via frequent subgraph analysis
  publication-title: IEEE Trans. Inf. Forensics Secur.
  doi: 10.1109/TIFS.2018.2806891
– volume: 19
  start-page: 265
  issue: 3
  year: 1995
  ident: 10.1016/j.future.2019.11.034_b40
  article-title: A fast method for cryptanalysis of substitution ciphers
  publication-title: Cryptologia
  doi: 10.1080/0161-119591883944
– ident: 10.1016/j.future.2019.11.034_b45
  doi: 10.1109/SP.2012.16
– start-page: 1
  year: 2009
  ident: 10.1016/j.future.2019.11.034_b33
  article-title: Building a better similarity trap with statistically improbable features
– volume: 7
  start-page: 21235
  year: 2019
  ident: 10.1016/j.future.2019.11.034_b14
  article-title: A combination method for android malware detection based on control flow graphs and machine learning algorithms
  publication-title: IEEE Access
  doi: 10.1109/ACCESS.2019.2896003
– volume: PP
  issue: 99
  year: 2018
  ident: 10.1016/j.future.2019.11.034_b43
  article-title: Yes, machine learning can be more secure! a case study on android malware detection
  publication-title: IEEE Trans. Dependable Secure Comput.
– volume: 78
  start-page: 987
  year: 2018
  ident: 10.1016/j.future.2019.11.034_b20
  article-title: Detecting Android malicious apps and categorizing benign apps with ensemble of classifiers
  publication-title: Future Gener. Comput. Syst.
  doi: 10.1016/j.future.2017.01.019
– start-page: 55
  year: 2010
  ident: 10.1016/j.future.2019.11.034_b39
  article-title: An android application sandbox system for suspicious software detection
– volume: 9
  start-page: 1
  issue: 1
  year: 2013
  ident: 10.1016/j.future.2019.11.034_b42
  article-title: Chi-squared distance and metamorphic virus detection
  publication-title: J. Comput. Virology Hacking Tech.
  doi: 10.1007/s11416-012-0171-2
– volume: 83
  start-page: 208
  year: 2019
  ident: 10.1016/j.future.2019.11.034_b11
  article-title: MalDAE: Detecting and explaining malware based on correlation and fusion of static and dynamic characteristics
  publication-title: Comput. Secur.
  doi: 10.1016/j.cose.2019.02.007
– start-page: 1105
  year: 2014
  ident: 10.1016/j.future.2019.11.034_b28
  article-title: Drebin: Effective and explainable detection of Android malware in your pocket
– start-page: 447
  year: 2014
  ident: 10.1016/j.future.2019.11.034_b34
  article-title: Evading android runtime analysis via sandbox detection
– volume: 7
  start-page: 50
  issue: 1
  year: 2009
  ident: 10.1016/j.future.2019.11.034_b35
  article-title: Understanding android security
  publication-title: IEEE Secur. Priv.
  doi: 10.1109/MSP.2009.26
– volume: 341
  start-page: 10
  year: 2019
  ident: 10.1016/j.future.2019.11.034_b12
  article-title: AppScalpel: Combining static analysis and outlier detection to identify and prune undesirable usage of sensitive data in android applications
  publication-title: Neurocomputing
  doi: 10.1016/j.neucom.2019.01.105
– volume: 83
  start-page: 158
  year: 2018
  ident: 10.1016/j.future.2019.11.034_b16
  article-title: FAMOUS: Forensic analysis of mobile devices using scoring of application permissions
  publication-title: Future Gener. Comput. Syst.
  doi: 10.1016/j.future.2018.02.001
– year: 2018
  ident: 10.1016/j.future.2019.11.034_b29
– year: 2019
  ident: 10.1016/j.future.2019.11.034_b2
– volume: 36
  start-page: 3336
  issue: 2
  year: 2009
  ident: 10.1016/j.future.2019.11.034_b44
  article-title: A simple and fast algorithm for K-medoids clustering
  publication-title: Expert Syst. Appl.
  doi: 10.1016/j.eswa.2008.01.039
– year: 2019
  ident: 10.1016/j.future.2019.11.034_b15
  article-title: Machine-Learning based analysis and classification of Android malware signatures
  publication-title: Future Gener. Comput. Syst.
  doi: 10.1016/j.future.2019.03.006
– volume: 6
  start-page: 30996
  year: 2018
  ident: 10.1016/j.future.2019.11.034_b13
  article-title: A novel dynamic android malware detection system with ensemble learning
  publication-title: IEEE Access
  doi: 10.1109/ACCESS.2018.2844349
– year: 2016
  ident: 10.1016/j.future.2019.11.034_b24
  article-title: Madam: Effective and efficient behavior-based Android malware detection and prevention
  publication-title: IEEE Trans. Dependable Secure Comput.
– start-page: 411
  year: 2018
  ident: 10.1016/j.future.2019.11.034_b23
  article-title: Android malware detection methods based on the combination of clustering and classification
– year: 2019
  ident: 10.1016/j.future.2019.11.034_b46
– ident: 10.1016/j.future.2019.11.034_b7
– start-page: 377
  year: 2016
  ident: 10.1016/j.future.2019.11.034_b27
  article-title: Stormdroid: A streaminglized machine learning-based system for detecting android malware
– volume: 31
  start-page: 2225
  issue: 14
  year: 2010
  ident: 10.1016/j.future.2019.11.034_b25
  article-title: Variable selection using random forests
  publication-title: Pattern Recognit. Lett.
  doi: 10.1016/j.patrec.2010.03.014
– year: 2019
  ident: 10.1016/j.future.2019.11.034_b1
– year: 2011
  ident: 10.1016/j.future.2019.11.034_b41
– volume: 78
  start-page: 987
  year: 2018
  ident: 10.1016/j.future.2019.11.034_b8
  article-title: Detecting Android malicious apps and categorizing benign apps with ensemble of classifiers
  publication-title: Future Gener. Comput. Syst.
  doi: 10.1016/j.future.2017.01.019
– volume: 13
  start-page: 125
  issue: 2
  year: 2017
  ident: 10.1016/j.future.2019.11.034_b22
  article-title: Identification of malicious android app using manifest and opcode features
  publication-title: J. Comput. Virology Hacking Tech.
  doi: 10.1007/s11416-016-0277-z
– ident: 10.1016/j.future.2019.11.034_b26
  doi: 10.14722/ndss.2014.23247
– start-page: 152
  year: 2013
  ident: 10.1016/j.future.2019.11.034_b32
  article-title: AndroSimilar: robust statistical feature signature for Android malware detection
– year: 2019
  ident: 10.1016/j.future.2019.11.034_b37
– year: 2009
  ident: 10.1016/j.future.2019.11.034_b4
– start-page: 239
  year: 2018
  ident: 10.1016/j.future.2019.11.034_b6
  article-title: Naïve Bayesian And fuzzy c-means algorithm for mobile malware detection precision
– year: 2017
  ident: 10.1016/j.future.2019.11.034_b5
SSID ssj0001731
Score 2.6177144
Snippet In this paper, we develop four malware detection methods using Hamming distance to find similarity between samples which are first nearest neighbors (FNN), all...
SourceID crossref
elsevier
SourceType Enrichment Source
Index Database
Publisher
StartPage 230
SubjectTerms Android
Clustering
Hamming distance
K-nearest neighbor (KNN)
Malware detection
Static analysis
Title Similarity-based Android malware detection using Hamming distance of static binary features
URI https://dx.doi.org/10.1016/j.future.2019.11.034
Volume 105
WOSCitedRecordID wos000515213000017&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D
hasFullText 1
inHoldings 1
isFullTextHit
isPrint
journalDatabaseRights – providerCode: PRVESC
  databaseName: Elsevier SD Freedom Collection Journals 2021
  issn: 0167-739X
  databaseCode: AIEXJ
  dateStart: 19950201
  customDbUrl:
  isFulltext: true
  dateEnd: 99991231
  titleUrlDefault: https://www.sciencedirect.com
  omitProxy: false
  ssIdentifier: ssj0001731
  providerName: Elsevier
link http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwtV1Lb5tAEF65Tg-9NH0qr1Z76M0iggUb9hhFidpIiarGB0s9oGUfAsuGyHHSKD-lv7az7LChSZU2h16wBWaNPR8z3wzzIOSTSMOoABoN2k_LINFcBdxwFhTjUCUy1ZNQhe2wifTsLJvN-NfB4GdXC3O9SOs6u7nhF_9V1LAPhG1LZ58gbr8o7ID3IHTYgthh-0-CP6-WFbirwK4Da6JUm7PYVGq0FIsfNs9L6bV2A8Kv2kCBDV7bV2WppL3PgT_aOqNKjgpXrWt02_7zss9kj9tmJHYCs0YQSRwQgd2hPVmfihLr2b-Jslr6jJ9SlCuxdDOlRqeAKOGPndhMe3xCpW-95Tgvm7kwLiX8tCnhuoXqhy1Y2Mt2wUgmaOg0bufo3qnicNxXpvjExtll5jpzPlD5Lvow33c9WGyyHt-3fVkxRvpbh-17ls_nI3apbvPcrZLbVcA5ymGVZ2SDpWOeDcnGwZej2Ym381GK0y7xh3SFmW324MOr-TPx6ZGZ6SvyEr0QeuDQ85oMdP2GbHYTPigq_Lfk-30wUQQTRTBRDybagokimGgHJtoY6sBEHZhoB6Z3ZHp8ND38HOA4jkCCX7kONDO8KBQTmkku-FhnBug2GNNYZyySmhs4GIpEJIYZJpgwEpx7VYQTYPUyi9-TYd3UeotQFmllJkKCtZSJYpMsDkWkTKHBmEie8G0Sd39VLrFVvZ2YssgfE9Q2CfxZF65Vy18-n3ZSyJFuOhqZA7QePXPnid-0S17c3QJ7ZLheXekP5Lm8XleXq4-Iq1912aok
linkProvider Elsevier
openUrl ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Similarity-based+Android+malware+detection+using+Hamming+distance+of+static+binary+features&rft.jtitle=Future+generation+computer+systems&rft.au=Taheri%2C+Rahim&rft.au=Ghahramani%2C+Meysam&rft.au=Javidan%2C+Reza&rft.au=Shojafar%2C+Mohammad&rft.date=2020-04-01&rft.issn=0167-739X&rft.volume=105&rft.spage=230&rft.epage=247&rft_id=info:doi/10.1016%2Fj.future.2019.11.034&rft.externalDBID=n%2Fa&rft.externalDocID=10_1016_j_future_2019_11_034
thumbnail_l http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=0167-739X&client=summon
thumbnail_m http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=0167-739X&client=summon
thumbnail_s http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=0167-739X&client=summon