Android Malware Classifier Combining Permissions and API Features to Face Model Drifting

Wen Ting Chang, Yi Ming Chen, Hui Hsuan Yang

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

Machine learning is widely used in Android malware detection research, and it has been proven that machine learning models can achieve good results. However, detection models trained by old samples are hard to identify new malware with the changes in the Android development environment and the evolution of Android applications. That is, the models’ detection ability is not sustainable. This phenomenon is called model aging. A common solution to this problem is to retrain models. But if the model ages quickly, it will make retraining more difficult. More importantly, the detection system has low protection against new malware before the retrained model is released. Using AUT and F1-Score at each time slot to evaluate the degree of aging. This research establishes asn Android malware detection system with higher sustainability. Specifically, this research combines APKs’ permissions and APIs by the weights learned by linear models and will build two detection models using soft voting to decide whether the application is malware or not. Evaluating the detection system on the same period and overtime performance on the dataset of years 2012 to 2019. Compared to other Android malware detection research, the AUT increased by 3% –23%.

Original languageEnglish
Title of host publicationNew Trends in Computer Technologies and Applications - 25th International Computer Symposium, ICS 2022, Proceedings
EditorsSun-Yuan Hsieh, Ling-Ju Hung, Sheng-Lung Peng, Ralf Klasing, Chia-Wei Lee
PublisherSpringer Science and Business Media Deutschland GmbH
Pages434-446
Number of pages13
ISBN (Print)9789811995811
DOIs
StatePublished - 2022
Event25th International Computer Symposium on New Trends in Computer Technologies and Applications, ICS 2022 - Taoyuan, Taiwan
Duration: 15 Dec 202217 Dec 2022

Publication series

NameCommunications in Computer and Information Science
Volume1723 CCIS
ISSN (Print)1865-0929
ISSN (Electronic)1865-0937

Conference

Conference25th International Computer Symposium on New Trends in Computer Technologies and Applications, ICS 2022
Country/TerritoryTaiwan
CityTaoyuan
Period15/12/2217/12/22

Keywords

  • Android malware detection
  • Machine learning
  • Model aging
  • Static analysis

Fingerprint

Dive into the research topics of 'Android Malware Classifier Combining Permissions and API Features to Face Model Drifting'. Together they form a unique fingerprint.

Cite this