COMPUTER SCIENCE
and ENGINEERING

Android is the popular mobile operating system, and it has been attracting many developers and malware software authors into the field. It is becoming critical to identify the malicious program in the large count of mobile applications, whereas similarity comparison methods have been proposed earlier to detect malware. However, most of the works focus on detecting malicious program from benign and malware, and they did not consider the details of similarity between malicious programs. In this paper, we propose an approach based on key function call graph to extract similar module between malware which could be used to detect malicious programs on Android platform. The proposed method employs Android system API call sequences to construct the similar module between two malicious programs. The experiments on real-world dataset demonstrate that the proposed approach is effective for extracting similar modules between malware.

API sequences, Similar module, Android malware, Key function call graph