Scalable and robust unsupervised Android malware fingerprinting using community-based network partitioning
Computers & Security (IF 5.6), published 2020-06-12, DOI: 10.1016/j.cose.2020.101932
ElMouatez Billah Karbab, Mourad Debbabi, Abdelouahid Derhab, Djedjiga Mouheb

The daily number of Android malicious applications (apps) targeting the app repositories is increasing, and their volume is overwhelming the fingerprinting process. To address this issue, we propose an enhanced Cypider framework, a set of techniques and tools that aims to detect mobile malware systematically by building a scalable and obfuscation-resilient similarity network infrastructure of malicious apps. Our approach is based on our proposed concept of the malicious community, in which malicious instances that share common features are considered most likely to belong to the same malware family. Building on this concept, we make the assumption that multiple similar Android apps from different authors are most likely malicious. Specifically, Cypider leverages this assumption to detect variants of known malware families and zero-day malicious apps. Cypider applies community detection algorithms to the similarity network, which extract sub-graphs that are treated as suspicious and possibly malicious communities. Furthermore, we propose a novel fingerprinting technique, namely the community fingerprint, based on a one-class machine learning model for each malicious community. In addition, the enhanced Cypider framework requires less memory (≈ x650%) and less time to build the similarity network (≈ x700) than the original version, without affecting the fingerprinting performance of the framework. We introduce a systematic approach to locate the best threshold for different feature content vectors, which simplifies the overall detection process. Cypider shows excellent results, detecting 60-80% of the malware dataset in a single detection iteration with a precision of 85-99% in the detected malicious communities. The community fingerprints are also promising: we achieved 86%, 93%, and 94% in the detection of the malware family, general malware, and benign apps, respectively.
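As an added illustration (not code from the paper or from the Cypider project), the following Python script walks through the pipeline the abstract describes on a small constructed set of apps: static feature sets are compared with Jaccard similarity, an edge joins two apps whose similarity reaches a threshold, the resulting network is split into communities, communities whose members come from different authors are flagged as suspicious, and each flagged community gets a fingerprint that is then used to classify unseen apps. Connected components stand in for the community detection algorithm and a feature-support core set stands in for the one-class model; both are simplifying assumptions made here, as are all app identifiers, author names and feature names.

```python
"""Toy similarity-network and community-fingerprint pipeline (constructed example)."""
from collections import deque
from itertools import combinations

# Constructed sample apps: app_id -> (author, set of static features such as
# requested permissions and API names). Names are illustrative, not from any
# real dataset; "app_a*" share one feature profile, "app_b*" share another.
APPS = {
    "app_a1": ("dev_alpha", {"SEND_SMS", "READ_CONTACTS", "HttpURLConnection", "getDeviceId", "DexClassLoader"}),
    "app_a2": ("dev_beta", {"SEND_SMS", "READ_CONTACTS", "HttpURLConnection", "getDeviceId", "Cipher"}),
    "app_a3": ("dev_gamma", {"SEND_SMS", "READ_CONTACTS", "HttpURLConnection", "getDeviceId", "DexClassLoader", "Cipher"}),
    "app_b1": ("dev_delta", {"RECEIVE_BOOT_COMPLETED", "SYSTEM_ALERT_WINDOW", "getInstalledPackages", "WebView"}),
    "app_b2": ("dev_delta", {"RECEIVE_BOOT_COMPLETED", "SYSTEM_ALERT_WINDOW", "getInstalledPackages", "WebView", "getDeviceId"}),
    "benign_1": ("shop_inc", {"INTERNET", "ACCESS_NETWORK_STATE", "WebView"}),
    "benign_2": ("news_co", {"INTERNET", "CAMERA", "MediaRecorder"}),
}


def jaccard(a, b):
    """Jaccard similarity of two feature sets (0.0 when both are empty)."""
    if not a and not b:
        return 0.0
    return len(a & b) / len(a | b)


def build_similarity_network(apps, threshold):
    """Adjacency dict: an edge joins two apps whose feature similarity reaches
    `threshold`. Pairwise O(n^2); adequate for a toy set, not for a repository."""
    adj = {app_id: set() for app_id in apps}
    for x, y in combinations(apps, 2):
        if jaccard(apps[x][1], apps[y][1]) >= threshold:
            adj[x].add(y)
            adj[y].add(x)
    return adj


def connected_communities(adj):
    """Split the network into communities. Connected components via BFS stand in
    here for a real community detection algorithm (simplifying assumption)."""
    seen, result = set(), []
    for start in sorted(adj):
        if start in seen:
            continue
        queue, members = deque([start]), []
        seen.add(start)
        while queue:
            node = queue.popleft()
            members.append(node)
            for nxt in adj[node]:
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
        result.append(sorted(members))
    return sorted(result)


def suspicious_communities(apps, communities, min_authors=2):
    """The abstract's assumption: similar apps from different authors are likely malicious.
    A community whose members all share one author is left unflagged."""
    flagged = []
    for members in communities:
        authors = {apps[m][0] for m in members}
        if len(members) >= 2 and len(authors) >= min_authors:
            flagged.append(members)
    return flagged


def community_fingerprint(apps, members, min_support=0.75):
    """Feature-support fingerprint: keep features present in at least `min_support`
    of the community's members (a stand-in for the one-class model)."""
    counts = {}
    for m in members:
        for f in apps[m][1]:
            counts[f] = counts.get(f, 0) + 1
    return frozenset(f for f, c in counts.items() if c / len(members) >= min_support)


def matches_fingerprint(features, fingerprint, tau=0.6):
    """Classify an unseen app by its similarity to a community fingerprint."""
    return jaccard(features, fingerprint) >= tau


def run_pipeline(apps=APPS, threshold=0.5):
    """Network -> communities -> flagged communities -> fingerprints."""
    adj = build_similarity_network(apps, threshold)
    comms = connected_communities(adj)
    flagged = suspicious_communities(apps, comms)
    fingerprints = {tuple(c): community_fingerprint(apps, c) for c in flagged}
    return comms, flagged, fingerprints


if __name__ == "__main__":
    comms, flagged, fps = run_pipeline()
    print("communities:", comms)
    print("flagged:", flagged)
    for members, fp in fps.items():
        print(members, "->", sorted(fp))
```

With a similarity threshold of 0.5 the three "app_a" apps form one community and are flagged because they come from three different authors; the two "app_b" apps are similar but share an author, so the different-author rule leaves them alone. The fingerprint of the flagged community keeps the four features all members share, and an unseen app carrying those four plus one new API still matches it, while an app with none of them does not. The threshold values here are arbitrary; the abstract's point about locating the best threshold per feature vector type is exactly what a deployment would have to calibrate.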

Updated: 2020-06-22