
A Robust Malware Detection Approach for Android System Based on Ensemble Learning

  • Conference paper
Ubiquitous Security (UbiSec 2021)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 1557)


Abstract

As the number of mobile devices based on the Android system continues to grow rapidly, Android has become a primary target for security exploitation through malicious apps (malware) that users download unwittingly. This is often due to negligent user behavior, such as granting unnecessary permissions to malicious apps, or simply to malware that has become sophisticated enough to bypass systematic detection. There have been numerous attempts to use machine learning to capture an application's malicious behavior by focusing on features deemed germane to high security risks, but most of them rely on a single algorithm, which is not representative of the large family of ensemble techniques. In this paper, we develop an ensemble learning based malware detection approach for the Android system. To validate the performance of the proposed approach, we conducted experiments on a real-world Android app dataset containing 3618 features initially obtained from static, dynamic and ICC analyses. We then select 567 important features through feature selection. The overall detection accuracy is 97.73%, accompanied by a high F-1 score of 97.66% that reflects a good balance between precision (97.06%) and recall (98.28%). The experimental results clearly show that the ensemble learning based malware detection approach can effectively identify malware for the Android system.




Correspondence to Wenjia Li.


© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.


Cite this paper

Li, W., Cai, J., Wang, Z., Cheng, S. (2022). A Robust Malware Detection Approach for Android System Based on Ensemble Learning. In: Wang, G., Choo, KK.R., Ko, R.K.L., Xu, Y., Crispo, B. (eds) Ubiquitous Security. UbiSec 2021. Communications in Computer and Information Science, vol 1557. Springer, Singapore. https://doi.org/10.1007/978-981-19-0468-4_23


  • DOI: https://doi.org/10.1007/978-981-19-0468-4_23


  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-19-0467-7

  • Online ISBN: 978-981-19-0468-4

  • eBook Packages: Computer Science (R0)
