Abstract
In this paper, we develop four malware detection methods using Hamming distance to find similarity between samples which are
first nearest neighbors (FNN), all nearest neighbors (ANN), weighted all nearest neighbors (WANN), and k-medoid based nearest
neighbors (KMNN). In our proposed methods, we can trigger the alarm if we detect an Android app is malicious. Hence, our
solutions help us to avoid the spread of detected malware on a broader scale. We provide a detailed description of the proposed
detection methods and related algorithms. We include an extensive analysis to asses the suitability of our proposed similaritybased detection methods. In this way, we perform our experiments on three datasets, including benign and malware Android
apps like Drebin, Contagio, and Genome. Thus, to corroborate the actual effectiveness of our classifier, we carry out performance
comparisons with some state-of-the-art classification and malware detection algorithms, namely Mixed and Separated solutions,
the program dissimilarity measure based on entropy (PDME) and the FalDroid algorithms. We test our experiments in a different
type of features: API, intent, and permission features on these three datasets. The results confirm that accuracy rates of proposed
algorithms are more than 90% and in some cases (i.e., considering API features) are more than 99%, and are comparable with
existing state-of-the-art solutions.