Android malware detection via an app similarity graph

Tatiana Frenklach, Dvir Cohen, Asaf Shabtai, Rami Puzis

Research output: Contribution to journalArticlepeer-review

30 Scopus citations


Due to the ever-increasing number of Android applications and constant advances in software development techniques, there is a need for scalable and flexible malware detectors that can efficiently address big data challenges. Motivated by large-scale recommender systems, we propose a static Android application analysis method which relies on an app similarity graph (ASG). We believe that the key to classifying app's behavior lies in their common reusable building blocks, e.g. functions, in contrast to expert based features. We demonstrate our method on the Drebin benchmark in both balanced and unbalanced settings, on a brand new VTAz dataset from 2020, and on a dataset of approximately 190K applications provided by VirusTotal, achieving an accuracy of 0.975 in balanced settings, and AUC score of 0.987. The analysis and classification time of the proposed methods are notably lower than in the reviewed research (from 0.08 to 0.153 sec/app).

Original languageEnglish
Article number102386
JournalComputers and Security
StatePublished - 1 Oct 2021


  • Android
  • Graph representations
  • Machine learning
  • Malware detection
  • Matrix factorization
  • Node embedding
  • Recommender system
  • Static analysis

ASJC Scopus subject areas

  • General Computer Science
  • Law


Dive into the research topics of 'Android malware detection via an app similarity graph'. Together they form a unique fingerprint.

Cite this