{"id":16781,"date":"2019-11-05T10:52:30","date_gmt":"2019-11-05T18:52:30","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/11\/05\/news-10520\/"},"modified":"2019-11-05T10:52:30","modified_gmt":"2019-11-05T18:52:30","slug":"news-10520","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/11\/05\/news-10520\/","title":{"rendered":"Paper: Dexofuzzy: Android malware similarity clustering method using opcode sequence"},"content":{"rendered":"

The sharp rise in Android<\/em> malware in recent years has led security researchers to look for efficient ways to cluster related samples, especially since the tools used for Windows<\/em> malware don’t always work well for other platforms.<\/p>\n

Today, we publish a paper by Shinho Lee, Wookhyun Jung, Sangwon Kim, Jihyun Lee, Jun-Seob Kim, all researchers from ESTsecurity<\/em> in South Korea. In it, they propose ‘Dexofuzzy’, a fuzzy hash based on opcode inside Dex files. As such, the hash is tailored for Android<\/em> samples.<\/p>\n

In their paper, they demonstrate how Dexofuzzy could be used to find 74 clusters in a large dataset of Android<\/em> malware.<\/p>\n

\"dexofuzzy-fig20.png\"Clustering malware samples by types of packers.<\/span><\/p>\n

You can read the paper in both HTML<\/a> and PDF<\/a> format. Those interested in fuzzy hashes and their application to clustering of large malware datasets may also want to read a paper <\/a>published in 2015 in which Brian Wallace looks at ssDeep, the algorithm which forms the basis of Dexofuzzy.<\/p>\n

\u00a0<\/p>\n

outertext
https:\/\/www.virusbulletin.com\/rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"


We publish a paper by researchers from ESTsecurity in South Korea, who describe a fuzzy hashing algorithm for clustering Android malware datasets. <\/p>\n

Read more<\/a> <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[23177,10378,23176],"tags":[],"class_list":["post-16781","post","type-post","status-publish","format-standard","hentry","category-magazine","category-security","category-virusbulletin"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/16781","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=16781"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/16781\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=16781"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=16781"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=16781"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}