Evaluation of Advanced Ensemble Learning Techniques for Android Malware Detection

Rana, Md. Shohel; Sung, Andrew H.

doi:10.1142/s2196888820500086

Cited by 17 publications

(8 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Figure 3 presents a statistical summary of Table 5. As already discussed above and highlighted by the figure too, API calls [125]- [136] and intents [96]- [100] account for 65.38% and 41.53% usage respectively, i.e., out of the total research papers used in this review, majority of them utilized API calls or intents in combination with permissions. The third most commonly used feature is another static feature called hardware components [194]- [195], and it accounts for 16.15% of the total.…”

Section: Fig 3: Statistics Depicting the Usage Of Features In Combina...mentioning

confidence: 84%

“…McLauglin [68] McAfee, vendor's internal dataset Wang et al [69] Mal com1, Mal com2 and Mal Zhou [220] Grace et al [70] Github Liu et al [71] VirusShare Bayazit et al [72] CICInvesAndMal2019 Lee et al [73] Andro-AutoPsy Dataset [221] Zhu et al [74] MUDFLOW [222], VirusShare Almahmoud et al [75] CIC-AndMal2017, CIC-InvesAndMal2019, CIC-MalDroid2020 Feng et al [76] CICAndMal2017 Kandu et al [77] Genome Arora et al [78] Genome Ding et al [79] CICInvesAndMal2019 Sahin et al [80] M0Droid [223], AMD, Kaggle, [224] Idrees et al [81] Contagio, Drebin, Genome, Virus Total, theZoo, MalShare, VirusShare Khariwal et al [82] Genome, Drebin, Koodous Idrees et al [83] Contagio, VirusTotal, appsapk, Androidmob Zhu et al [15] VirusShare Bai et al [84] Drebin Taheri et al [85] Drebin, Contagio, Genome Alazab et al [86] AndroZoo, Contagio, MalShare, VirusShare, VirusTotal Mathur et al [87] Androzoo, AMD Imtiaz et al [88] CICInves AndMal2019 Liu et al [89] OmniDroid, CIC2019, CIC2020 Chen et al [90] VirusShare Guan et al [91] VirusShare Mohamed et al [92] Genome, Maldroid Varma et al [93] CICInvesAnd Mal2019 Gyunka et al [94] Genome, Contagio Taha et al [95] Drebin Peng et al [96] CICMalDroid 2020, CIC-InvesAndMal 2019, Drebin Ashwini et al [97] Drebin Jiang et al [98] Genome, Andro MalShare Wang et al [99] Information Security Lab of Peking University Rana et al …”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

A comprehensive review on permissions-based Android malware detection

Sharma,

Arora

2024

Int. J. Inf. Secur.

View full text Add to dashboard Cite

The first Android-ready "G1" phone debuted in late October 2008. Since then, the growth of Android malware has been explosive analogous to the rise in the popularity of Android. The major positive aspect of Android has been its open-source nature, which empowers app developers to expand their work. But at the same time, authors with malicious intentions pose grave threats to users. In the presence of such threats, Android malware detection is the need of an hour. Consequently, researchers have proposed various techniques involving static, dynamic, and hybrid analysis to address such threats using numerous features in the last decade. But the feature that most researchers have extensively used to perform malware analysis and detection in Android security is Android permission. Hence, to provide a clarified overview of the latest and past work done in Android malware analysis and detection, we perform a comprehensive literature review using permissions as a central feature or in combination with other components by collecting and analyzing 200 studies from January 2009 to February 2023. We extracted information such as the choice opted by researchers between analysis or detection, techniques used to select or rank the permissions feature set, features used along with permissions, detection models employed, the malware datasets used by researchers, and lastly, the limitations and challenges in the field of Android malware detection to propose some future research directions. Additionally, based on the information extracted, we answer the six research questions designed considering the above factors.

show abstract

Section: Fig 3: Statistics Depicting the Usage Of Features In Combina...mentioning

confidence: 84%

Section: Related Workmentioning

confidence: 99%

A comprehensive review on permissions-based Android malware detection

Sharma,

Arora

2024

Int. J. Inf. Secur.

View full text Add to dashboard Cite

show abstract

“…Zhao et al [11] aimed to improve the accuracy of Android malware detection by employing boosting and bagging. Rana and Sung [12] achieved improved accuracy in Android malware detection by combining multiple machine learning classifiers within ensemble learning. Yerima and Sezer [13] proposed a novel multi-level structured classifier fusion approach, training lower-level Android base classifiers to generate models and using a ranking algorithm to select the final classifier, then assigning weights to the prediction results of the selected classifier based on the prediction accuracy of higher-level base classifiers.…”

Section: Related Workmentioning

confidence: 99%

SSCL-TransMD: Semi-Supervised Continual Learning Transformer for Malicious Software Detection

Kou,

Zhao,

Han

et al. 2023

Applied Sciences

View full text Add to dashboard Cite

Machine learning-based malware (malicious software) detection methods have a wide range of real-world applications. However, these types of approaches suffer from the fatal problem of “model aging”, in which the validity of the model decreases rapidly as the malware continues to evolve and variants emerge continuously. The model aging problem is usually solved by model retraining, which relies on lots of labeled samples obtained at great expense. To address this challenge, this paper proposes a semi-supervised continuous learning malware detection model based on Transformer. Firstly, this model improves the lifelong semi-supervised mixture algorithm to dynamically adjust the weighted combination of new sample sequences and historical ones to solve the imbalance problem. Secondly, the Learning with Local and Global Consistency algorithm is used to iteratively compute similarity scores for the unlabeled samples in the mixed samples to obtain pseudo-labels. Lastly, the Multilayer Perceptron is applied for malware classification. To validate the effectiveness of the model, this paper conducts experiments on the CICMalDroid2020 dataset. The experimental results show that the proposed model performs better than existing deep learning detection models. The F1 score has an average improvement of 1.27% compared to other models when conducting binary classification. And, after inputting hybrid samples, including historical data and new data, four times, the F1 score is still 1.96% higher than other models.

show abstract

“…Rana et al [ 20 ] proposed and evaluated various machine learning algorithms by applying an ensemble-based learning approach to identify Android malware associated with a substring-based classifier feature selection (SBFS) strategy. They used the DREBIN dataset and achieved better results with an ensemble learning approach.…”

Section: Related Workmentioning

confidence: 99%

MFDroid: A Stacking Ensemble Learning Framework for Android Malware Detection

Wang

Zhang

Zhao

et al. 2022

Sensors

View full text Add to dashboard Cite

As Android is a popular a mobile operating system, Android malware is on the rise, which poses a great threat to user privacy and security. Considering the poor detection effects of the single feature selection algorithm and the low detection efficiency of traditional machine learning methods, we propose an Android malware detection framework based on stacking ensemble learning—MFDroid—to identify Android malware. In this paper, we used seven feature selection algorithms to select permissions, API calls, and opcodes, and then merged the results of each feature selection algorithm to obtain a new feature set. Subsequently, we used this to train the base learner, and set the logical regression as a meta-classifier, to learn the implicit information from the output of base learners and obtain the classification results. After the evaluation, the F1-score of MFDroid reached 96.0%. Finally, we analyzed each type of feature to identify the differences between malicious and benign applications. At the end of this paper, we present some general conclusions. In recent years, malicious applications and benign applications have been similar in terms of permission requests. In other words, the model of training, only with permission, can no longer effectively or efficiently distinguish malicious applications from benign applications.

show abstract

Evaluation of Advanced Ensemble Learning Techniques for Android Malware Detection

Cited by 17 publications

References 16 publications

A comprehensive review on permissions-based Android malware detection

A comprehensive review on permissions-based Android malware detection

SSCL-TransMD: Semi-Supervised Continual Learning Transformer for Malicious Software Detection

MFDroid: A Stacking Ensemble Learning Framework for Android Malware Detection

Contact Info

Product

Resources

About