Paper: Dexofuzzy: Android malware similarity clustering method using opcode sequence

Posted by   Martijn Grooten on   Nov 5, 2019

The sharp rise in Android malware in recent years has led security researchers to look for efficient ways to cluster related samples, especially since the tools used for Windows malware don't always work well for other platforms.

Today, we publish a paper by Shinho Lee, Wookhyun Jung, Sangwon Kim, Jihyun Lee, Jun-Seob Kim, all researchers from ESTsecurity in South Korea. In it, they propose 'Dexofuzzy', a fuzzy hash based on opcode inside Dex files. As such, the hash is tailored for Android samples.

In their paper, they demonstrate how Dexofuzzy could be used to find 74 clusters in a large dataset of Android malware.

dexofuzzy-fig20.pngClustering malware samples by types of packers.

You can read the paper in both HTML and PDF format. Those interested in fuzzy hashes and their application to clustering of large malware datasets may also want to read a paper published in 2015 in which Brian Wallace looks at ssDeep, the algorithm which forms the basis of Dexofuzzy.

Dexofuzzy: Android malware similarity clustering method using opcode sequence

Read the paper (HTML)

Download the paper (PDF)




Latest posts:

VB2019 paper: Operation Soft Cell - a worldwide campaign against telecommunication providers

Today we publish the VB2019 paper by Cybereason researchers Mor Levi, Amit Serper and Assaf Dahan on Operation Soft Cell, a targeted attack against telecom providers around the world.

VB2019 paper: A study of Machete cyber espionage operations in Latin America

At VB2019 in London a group of researchers from the Stratosphere Lab at the Czech Technical University in Prague presented a paper in which they analysed and dissected the cyber espionage activities of an APT group in Latin America through the…

VB2019 paper: The push from fiction for increased surveillance, and its impact on privacy

In a paper presented at VB2019 in London, researchers Miriam Cihodariu (Heimdal Security) and Andrei Bogdan Brad (Code4Romania) looked at how surveillance is represented in fiction and how these representations are shaping people's attitudes to…

VB2019 paper: Oops! It happened again!

At VB2019 in London industry veterans Righard Zwienenberg and Eddy Willems took a detailed look at the relationship between past and current cyber threats. Today, we publish both their paper and the recording of their presentation.

Job vacancy at VB: Security Evangelist

Virus Bulletin is recruiting for a person to be the public face of the company

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.