loading page

LimonDroid: Coupling Three Signature-based Schemes for Profiling Android  Malware
  • +1
  • Franklin Tchakounté,
  • Roger Corneille Ndjeumou Ngassi ,
  • Vivient Corneille Kamla,
  • Kalum Priyanath Udagepola
Franklin Tchakounté
Faculty of Science, University of Ngaoundéré, Cameroon
Author Profile
Roger Corneille Ndjeumou Ngassi
Faculty of Science, University of Ngaoundéré, Cameroon
Vivient Corneille Kamla
National School of Agro-Industrial Science, University of Ngaoundéré, Cameroon
Kalum Priyanath Udagepola
Scientific Research Development Institute of Technology, Australia


Android remains an interesting target to attackers due to its openness. There is still a big concern to provide  efficient solutions. Authors propose similarity measurement such as fuzzy hashing to fight against code obfuscation  technique but they suffer from limited signature database. To improve the update and the consistency of the signature  database, this work combines fuzzy hashing to YARA rules and VirusTotal signature-based schemes. A Desktop security  tool, Limon Sandbox, that includes such schemes, is reverse-engineered and implemented to work on Android. Limon-Droid has been tested with 341 malicious and 300 benign applications on a database of 12925 fuzzy-hashed malware  signatures, 62 YARA families’s patterns and VirusTotal engine. Our approach gives a true positive rate of 97.36%, a  true negative rate of 98.33% and an accuracy of 97.82%. In addition, the proposed system outperforms permission-based solutions and is able to reveal obfuscated malicious capabilities inside applications. A comparison with similarity-based  solutions reveal that LimonDroid is more efficient for users. It could be able identify profiles of zero-day Android mal-ware due to its database construction.