Abstract
As the number of mobile devices based on the Android system continues to grow rapidly, the platform has become a primary target for security exploitation through malicious apps (malware) that users unwittingly download. This is often due to negligent user behavior that grants unnecessary permissions to malicious apps, or simply to malware that has evolved to be sophisticated enough to bypass systematic detection. There have been numerous attempts to use machine learning to capture an application's malicious behavior by focusing on features deemed germane to high security risks, but most of them rely on a single algorithm, which is not representative of the large family of ensemble techniques. In this paper, we develop an ensemble learning based malware detection approach for the Android system. To validate the performance of the proposed approach, we conducted experiments on a real-world Android app dataset containing 3618 features initially obtained from static, dynamic and ICC analyses. We then select 567 important features through feature selection. The overall detection accuracy is 97.73%, accompanied by a high F-1 score of 97.66% that reflects a strong balance between precision (97.06%) and recall (98.28%). The experimental results clearly show that the ensemble learning based malware detection approach can effectively identify malware for the Android system.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Li, W., Cai, J., Wang, Z., Cheng, S. (2022). A Robust Malware Detection Approach for Android System Based on Ensemble Learning. In: Wang, G., Choo, KK.R., Ko, R.K.L., Xu, Y., Crispo, B. (eds) Ubiquitous Security. UbiSec 2021. Communications in Computer and Information Science, vol 1557. Springer, Singapore. https://doi.org/10.1007/978-981-19-0468-4_23
DOI: https://doi.org/10.1007/978-981-19-0468-4_23
Publisher Name: Springer, Singapore
Print ISBN: 978-981-19-0467-7
Online ISBN: 978-981-19-0468-4
eBook Packages: Computer Science, Computer Science (R0)