FLSH: A Framework Leveraging Similarity Hashing for Android Malware and Variant Detection

As technology advances, the frequency and complexity of cyberattacks continue to rise, with Android OS, given its significant market share, becoming a prime target for sophisticated malware attacks. While the core categories of malware remain consistent, minor modifications often allow these variants to evade detection, posing significant challenges for security systems. To address this, various techniques and algorithms have been employed to improve malware detection and classification. In this paper, we focus on leveraging fuzzy hashes to calculate the similarity index between files, aiding in the identification of malicious content within seemingly legitimate APK files. Our research enhances the accuracy and reliability of fuzzy hashes, particularly for static features, in detecting Android malware and its variants. Unlike traditional approaches, our method employs a distinctive static feature-based fuzzy hashing technique. We conducted experiments on a dataset of 2000 APK files, including both benign and malicious samples, and classified malware into six categories trojan, adware, spyware, virus, downloader, and hacktool. The results showed a significant improvement in precision, recall, and F-measure, achieving an overall accuracy of 96.67%, without relying on complex machine learning or deep learning methods.