Abstract
Machine learning is widely used in Android malware detection research, and it has been proven that machine learning models can achieve good results. However, detection models trained by old samples are hard to identify new malware with the changes in the Android development environment and the evolution of Android applications. That is, the models’ detection ability is not sustainable. This phenomenon is called model aging. A common solution to this problem is to retrain models. But if the model ages quickly, it will make retraining more difficult. More importantly, the detection system has low protection against new malware before the retrained model is released. Using AUT and F1-Score at each time slot to evaluate the degree of aging. This research establishes asn Android malware detection system with higher sustainability. Specifically, this research combines APKs’ permissions and APIs by the weights learned by linear models and will build two detection models using soft voting to decide whether the application is malware or not. Evaluating the detection system on the same period and overtime performance on the dataset of years 2012 to 2019. Compared to other Android malware detection research, the AUT increased by 3% –23%.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Huang, H., et al.: A large-scale study of android malware development phenomenon on public malware submission and scanning platform. IEEE Trans. Big Data 7(2), 255–270 (2021). https://doi.org/10.1109/TBDATA.2018.2790439
Kumar, K.A., Raman, A., Gupta, C., Pillai, R.R.: The recent trends in malware evolution, detection and analysis for android devices. J. Eng. Sci. Techol. Rev. 13(4), 240–248 (2020). https://doi.org/10.25103/jestr.134.25
Allix, K., Bissyandé, T.F., Klein, J., Le Traon, Y.: Are your training datasets yet relevant? In: Piessens, F., Caballero, J., Bielova, N. (eds.) ESSoS 2015. LNCS, vol. 8978, pp. 51–67. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-15618-7_5
Machine Learning Methods for Malware Detection [Kaspersky]: SecureReading. https://securereading.com/downloads/machine-learning-methods-for-malware-detection-kaspersky/. Accessed 26 Aug 2022
Kan, Z., Pendlebury, F., Pierazzi, F., Cavallaro, L.: Investigating Labelless drift adaptation for malware detection. In: Proceedings of the 14th ACM Workshop on Artificial Intelligence and Security, Virtual Event Republic of Korea, November 2021, pp. 123–134. https://doi.org/10.1145/3474369.3486873
Xu, J., Li, Y., Deng, R.H., Xu, K.: SDAC: a slow-aging solution for android malware detection using semantic distance based API clustering. IEEE Trans. Depend. Secur. Comput. 19(2), 1149–1163 (2022). https://doi.org/10.1109/TDSC.2020.3005088
“Enhancing State-of-the-art Classifiers with API Semantics to Detect Evolved Android Malware. In: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security (2020). https://dl.acm.org/doi/https://doi.org/10.1145/3372297.3417291. Accessed 26 Aug 2022
Park, S., Gondal, I., Kamruzzaman, J., Zhang, L.: One-shot malware outbreak detection using spatio-temporal isomorphic dynamic features. August 2019, pp. 751–756 (2019). https://doi.org/10.1109/TrustCom/BigDataSE.2019.00108
Sanz, B., Santos, I., Laorden, C., Ugarte-Pedrero, X., Bringas, P.G., Álvarez, G.: PUMA: permission usage to detect malware in android. In: International Joint Conference CISIS 2012-ICEUTE´12-SOCO 2012 Special Sessions, Berlin, Heidelberg, 2013, pp. 289–298 (2012). https://doi.org/10.1007/978-3-642-33018-6_30
Peiravian, N., Zhu, X.: Machine learning for android malware detection using permission and API Calls. In: 2013 IEEE 25th International Conference on Tools with Artificial Intelligence, November 2013, pp. 300–305 (2013). https://doi.org/10.1109/ICTAI.2013.53
Onwuzurike, L., Mariconti, E., Andriotis, P., Cristofaro, E.D., Ross, G., Stringhini, G.: MaMaDroid: detecting android malware by building markov chains of behavioral models (extended version). ACM Trans. Priv. Secur. 22(2), 14:1–14:34 (2019). https://doi.org/10.1145/3313391
Xu, K., Li, Y., Deng, R., Chen, K., Xu, J.: DroidEvolver: self-evolving android malware detection system. In: 2019 IEEE European Symposium on Security and Privacy (EuroS&P), June 2019, pp. 47–62 (2019). https://doi.org/10.1109/EuroSP.2019.00014
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Chang, WT., Chen, YM., Yang, HH. (2022). Android Malware Classifier Combining Permissions and API Features to Face Model Drifting. In: Hsieh, SY., Hung, LJ., Klasing, R., Lee, CW., Peng, SL. (eds) New Trends in Computer Technologies and Applications. ICS 2022. Communications in Computer and Information Science, vol 1723. Springer, Singapore. https://doi.org/10.1007/978-981-19-9582-8_38
Download citation
DOI: https://doi.org/10.1007/978-981-19-9582-8_38
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-19-9581-1
Online ISBN: 978-981-19-9582-8
eBook Packages: Computer ScienceComputer Science (R0)