2015
DOI: 10.1016/j.jisa.2014.10.011
|View full text |Cite
|
Sign up to set email alerts
|

AndroSimilar: Robust signature for detecting variants of Android malware

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
66
0
1

Year Published

2016
2016
2022
2022

Publication Types

Select...
4
3

Relationship

0
7

Authors

Journals

citations
Cited by 63 publications
(67 citation statements)
references
References 2 publications
0
66
0
1
Order By: Relevance
“…In particular, we check that the proposed approach/methodology 1) meets market constraints (in terms of scalability and usability in practice), 2) is evaluated based on a constructed reference dataset (whatever its size and representativeness), 3) explicitly accounts for app obfuscation (to any extent), and 4) attempts to reduce the noise of common libraries. Details in Table 3 show that no approach addresses all challenges, with Market-scale constraints being the least tackled in the [36] Symptom discovery string offset order CodeMatch [19] Similarity Comparison code fuzzy hash FUIDroid [22] Similarity Comparison layout tree APPraiser [23] Similarity Comparison resource files RepDroid [24] Similarity Comparison layout group graph SimiDroid [25] Similarity Comparison method statements, resource files, components GroupDroid [26] Similarity Comparison control flow graph CLANdroid [27] Similarity Comparison Identifiers, APIs, Intents, Permissions, and Sensors Li et al [31] Similarity Comparison method-level signature RepDetector [33] Similarity Comparison inputs/outputs of methods Wu et al [44] Similarity Comparison HTTP distance FSquaDRA2 [30] Similarity Comparison signature of resource files SUIDroid [34] Similarity Comparison layout tree DroidClone [29] Similarity Comparison control flow pattern Niu et al [32] Similarity Comparison method-level signature AndroSimilar2 [37] Similarity Comparison entropy of byte block AndroSimilar [62] Similarity Comparison entropy of byte block DroidEagle [39] Similarity Comparison visual resources ImageStruct [40] Similarity Comparison images Soh et al [43] Similarity Comparison user interfaces Chen et al [38] Similarity Comparison method-level signature powered by NiCad [89] MassVet [41] Similarity Comparison centroid of UI structures, method-call graphs DroidKin [50] Similarity Comparison meta-info and n-gram bytecode/opcode Ruiz et al [58] Similarity Comparison count-, set-, sequence-, and relationship-based objects Linares-Vásquez et al [55] Similarity Comparison count-, set-, sequence-, and relationship-based objects Chen et al…”
Section: Taxonomy Of Approachesmentioning
confidence: 99%
See 1 more Smart Citation
“…In particular, we check that the proposed approach/methodology 1) meets market constraints (in terms of scalability and usability in practice), 2) is evaluated based on a constructed reference dataset (whatever its size and representativeness), 3) explicitly accounts for app obfuscation (to any extent), and 4) attempts to reduce the noise of common libraries. Details in Table 3 show that no approach addresses all challenges, with Market-scale constraints being the least tackled in the [36] Symptom discovery string offset order CodeMatch [19] Similarity Comparison code fuzzy hash FUIDroid [22] Similarity Comparison layout tree APPraiser [23] Similarity Comparison resource files RepDroid [24] Similarity Comparison layout group graph SimiDroid [25] Similarity Comparison method statements, resource files, components GroupDroid [26] Similarity Comparison control flow graph CLANdroid [27] Similarity Comparison Identifiers, APIs, Intents, Permissions, and Sensors Li et al [31] Similarity Comparison method-level signature RepDetector [33] Similarity Comparison inputs/outputs of methods Wu et al [44] Similarity Comparison HTTP distance FSquaDRA2 [30] Similarity Comparison signature of resource files SUIDroid [34] Similarity Comparison layout tree DroidClone [29] Similarity Comparison control flow pattern Niu et al [32] Similarity Comparison method-level signature AndroSimilar2 [37] Similarity Comparison entropy of byte block AndroSimilar [62] Similarity Comparison entropy of byte block DroidEagle [39] Similarity Comparison visual resources ImageStruct [40] Similarity Comparison images Soh et al [43] Similarity Comparison user interfaces Chen et al [38] Similarity Comparison method-level signature powered by NiCad [89] MassVet [41] Similarity Comparison centroid of UI structures, method-call graphs DroidKin [50] Similarity Comparison meta-info and n-gram bytecode/opcode Ruiz et al [58] Similarity Comparison count-, set-, sequence-, and relationship-based objects Linares-Vásquez et al [55] Similarity Comparison count-, set-, sequence-, and relationship-based objects Chen et al…”
Section: Taxonomy Of Approachesmentioning
confidence: 99%
“…Finally, we investigate how the accuracy of repackaged [19] (10000,100000) DR-Droid2 [20] (1000,10000) DAPASA [21] (10000,100000) FUIDroid [22] (10000,100000) APPraiser [23] (1000000, ∞) RepDroid [24] (100,1000) SimiDroid [25] (1000,10000) GroupDroid [26] (1000,10000) CLANdroid [27] (10000,100000) DR-Droid [28] (1000,10000) DroidClone [29] (100,1000) FSquaDRA2 [30] (1000,10000) Li et al [31] α (1000000, ∞) Niu et al [32] -RepDetector [33] (1000,10000) SUIDroid [34] (100000,1000000) Kim et al [35] (100,1000) AndroidSOO [36] (10000,100000) AndroSimilar2 [37] (10000,100000) Chen et al [38] (1000,10000) DroidEagle [39] (1000000, ∞) ImageStruct [40] (10000,100000) MassVet [41] (1000000, ∞) PICARD [42] (0,100) Soh et al [43] (100,1000) Wu et al [44] (1000,10000) WuKong [45] (100000,1000000) AnDarwin2 [46] (100000,1000000) AndRadar [47] (100000,1000000) Chen et al [48] (10000,100000) DIVILAR [49] (0,100) DroidKin [50] (1000,10000) DroidLegacy [51] (1000,10000) DroidMarking [9] (100,1000) DroidSim [52] (100,1000) FSquaDRA [53] (10000,100000) Kywe et al [54] (10000,100000) Linares-Vásquez et al [55] α (10000,100000) PlayDrone [56] α (1000000, ∞) ResDroid [57] (1000...…”
Section: Review Of Evaluation Setups and Artefactsmentioning
confidence: 99%
“…We selected DroidLegacy [20], because of their use of n-fold cross validation for evaluating the performance of their detector. Like DroidNative, DroidSift and AndroSimilar [27] Anti-malware [20] 92.73% 20.83% 48 / 743 AndroSimilar [27] 76.48% 1.46% 21132 / 455 also test their techniques on malware variants generated through obfuscations. Table 4 gives a comparison of DroidNative with these three approaches.…”
Section: Comparison With Existing Researchmentioning
confidence: 99%
“…DroidNative-SWOD is similar to AndroSimilar [27], which is based on SDHash [38] and is most likely to detect very similar objects, and that's why it produces low DRs. DroidNative-SWOD is a trade off between accuracy and efficiency, and detects similar objects at a coarse level, therefore it produces high DRs.…”
Section: Comparison With Existing Researchmentioning
confidence: 99%
See 1 more Smart Citation