Andro-Simnet: Malware classification system based on the similarity network of malware



1. Introduction

Andro-Simnet is a malware classification system based on the similarity network of malware. We apply a social network analysis method so that the system can classify each malware sample into its family according to its similarity relations with other samples. The final similarity between samples is computed from four features: permissions, API call sequences, referred file names, and activity names. Andro-Simnet can therefore classify malware samples using both signature-based and behavior-based information.
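A sketch of the idea described above, added here as an illustration and not taken from Andro-Simnet or its paper: the four features are compared pairwise, combined into one similarity, and the resulting network is used to assign a family. The Jaccard measure, API-call bigrams, equal weighting, the 0.5 threshold, the neighbour-weight vote, and all sample names and values are assumptions.

```python
from collections import Counter

def jaccard(a, b):
    """Set overlap in [0, 1]; two empty sets count as no evidence (0.0)."""
    a, b = set(a), set(b)
    return len(a & b) / len(a | b) if a | b else 0.0

def bigrams(seq):
    """Adjacent pairs, so API call order matters and not just membership."""
    return set(zip(seq, seq[1:]))

def similarity(x, y):
    """Final similarity: unweighted mean of four per-feature scores (assumed)."""
    scores = (jaccard(x["perms"], y["perms"]),
              jaccard(bigrams(x["api"]), bigrams(y["api"])),
              jaccard(x["files"], y["files"]),
              jaccard(x["acts"], y["acts"]))
    return sum(scores) / len(scores)

def build_network(samples, threshold=0.5):
    """Edges between samples whose similarity reaches the (assumed) threshold."""
    names = sorted(samples)
    return {(a, b): s for i, a in enumerate(names) for b in names[i + 1:]
            if (s := similarity(samples[a], samples[b])) >= threshold}

def classify(unknown, samples, families, threshold=0.5):
    """Family with the largest summed edge weight to the unknown, else None."""
    votes = Counter()
    for name, feats in samples.items():
        s = similarity(unknown, feats)
        if s >= threshold:
            votes[families[name]] += s
    return votes.most_common(1)[0][0] if votes else None

# Constructed feature records; every value below is illustrative.
SAMPLES = {
    "a1": {"perms": ["SEND_SMS", "READ_CONTACTS"], "files": ["cfg.dat"], "acts": ["MainActivity"],
           "api": ["getDeviceId", "sendTextMessage", "openConnection"]},
    "a2": {"perms": ["SEND_SMS", "READ_CONTACTS", "INTERNET"], "files": ["cfg.dat"],
           "api": ["getDeviceId", "sendTextMessage"], "acts": ["MainActivity"]},
    "b1": {"perms": ["INTERNET", "CAMERA"], "files": ["img.tmp"],
           "api": ["openCamera", "openConnection"], "acts": ["GalleryActivity"]},
}
FAMILIES = {"a1": "FamA", "a2": "FamA", "b1": "FamB"}
UNKNOWN = {"perms": ["SEND_SMS", "READ_CONTACTS"], "files": ["cfg.dat"],
           "api": ["getDeviceId", "sendTextMessage"], "acts": ["StartActivity"]}

if __name__ == "__main__":
    print(build_network(SAMPLES), classify(UNKNOWN, SAMPLES, FAMILIES))
```

A sample with no edge above the threshold is returned as `None` rather than being forced into the nearest family, which keeps unrelated or novel samples from polluting an existing family label.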


2. Publication


3. Demo Video


4. Dataset Release

For academic purposes, we are happy to release our dataset. If you use our dataset in your experiment, please cite our paper.

  • Contact : Huy Kang Kim (cenda at korea.ac.kr)

  • If you want to download the dataset, please fill out the questionnaire at the following URL.

  • Before downloading it, please read the following instructions carefully.

    • (1) Most of the samples are zipped using 7zip.

    • (2) Then send an e-mail to cenda at korea.ac.kr to get the decompression password. (Please state your name, affiliation and purpose.)

    • (3) Please use these samples at your own risk.

  • Dataset Download Link: Download


5. Acknowledgement

Andro-Simnet is developed by the Hacking and Countermeasure Research Lab in the Graduate School of Information Security at Korea University.


Please contact “Huy Kang Kim” (cenda at korea.ac.kr) if you have any questions.