Android Malware Classifier Combining Permissions and API Features to Face Model Drifting

Wen Ting Chang; Yi Ming Chen; Hui Hsuan Yang

doi:10.1007/978-981-19-9582-8_38

Android Malware Classifier Combining Permissions and API Features to Face Model Drifting

Wen Ting Chang, Yi Ming Chen, Hui Hsuan Yang

Department of Information Management

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Machine learning is widely used in Android malware detection research, and it has been proven that machine learning models can achieve good results. However, detection models trained by old samples are hard to identify new malware with the changes in the Android development environment and the evolution of Android applications. That is, the models’ detection ability is not sustainable. This phenomenon is called model aging. A common solution to this problem is to retrain models. But if the model ages quickly, it will make retraining more difficult. More importantly, the detection system has low protection against new malware before the retrained model is released. Using AUT and F₁-Score at each time slot to evaluate the degree of aging. This research establishes asn Android malware detection system with higher sustainability. Specifically, this research combines APKs’ permissions and APIs by the weights learned by linear models and will build two detection models using soft voting to decide whether the application is malware or not. Evaluating the detection system on the same period and overtime performance on the dataset of years 2012 to 2019. Compared to other Android malware detection research, the AUT increased by 3% –23%.

Original language	English
Title of host publication	New Trends in Computer Technologies and Applications - 25th International Computer Symposium, ICS 2022, Proceedings
Editors	Sun-Yuan Hsieh, Ling-Ju Hung, Sheng-Lung Peng, Ralf Klasing, Chia-Wei Lee
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	434-446
Number of pages	13
ISBN (Print)	9789811995811
DOIs	https://doi.org/10.1007/978-981-19-9582-8_38
State	Published - 2022
Event	25th International Computer Symposium on New Trends in Computer Technologies and Applications, ICS 2022 - Taoyuan, Taiwan Duration: 15 Dec 2022 → 17 Dec 2022

Publication series

Name	Communications in Computer and Information Science
Volume	1723 CCIS
ISSN (Print)	1865-0929
ISSN (Electronic)	1865-0937

Conference

Conference	25th International Computer Symposium on New Trends in Computer Technologies and Applications, ICS 2022
Country/Territory	Taiwan
City	Taoyuan
Period	15/12/22 → 17/12/22

Keywords

Android malware detection
Machine learning
Model aging
Static analysis

Access to Document

10.1007/978-981-19-9582-8_38

Cite this

Chang, W. T., Chen, Y. M., & Yang, H. H. (2022). Android Malware Classifier Combining Permissions and API Features to Face Model Drifting. In S.-Y. Hsieh, L.-J. Hung, S.-L. Peng, R. Klasing, & C.-W. Lee (Eds.), New Trends in Computer Technologies and Applications - 25th International Computer Symposium, ICS 2022, Proceedings (pp. 434-446). (Communications in Computer and Information Science; Vol. 1723 CCIS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-981-19-9582-8_38

Chang, Wen Ting ; Chen, Yi Ming ; Yang, Hui Hsuan. / Android Malware Classifier Combining Permissions and API Features to Face Model Drifting. New Trends in Computer Technologies and Applications - 25th International Computer Symposium, ICS 2022, Proceedings. editor / Sun-Yuan Hsieh ; Ling-Ju Hung ; Sheng-Lung Peng ; Ralf Klasing ; Chia-Wei Lee. Springer Science and Business Media Deutschland GmbH, 2022. pp. 434-446 (Communications in Computer and Information Science).

@inproceedings{dcb860c826ed4ef6b738f52852b6384d,

title = "Android Malware Classifier Combining Permissions and API Features to Face Model Drifting",

abstract = "Machine learning is widely used in Android malware detection research, and it has been proven that machine learning models can achieve good results. However, detection models trained by old samples are hard to identify new malware with the changes in the Android development environment and the evolution of Android applications. That is, the models{\textquoteright} detection ability is not sustainable. This phenomenon is called model aging. A common solution to this problem is to retrain models. But if the model ages quickly, it will make retraining more difficult. More importantly, the detection system has low protection against new malware before the retrained model is released. Using AUT and F1-Score at each time slot to evaluate the degree of aging. This research establishes asn Android malware detection system with higher sustainability. Specifically, this research combines APKs{\textquoteright} permissions and APIs by the weights learned by linear models and will build two detection models using soft voting to decide whether the application is malware or not. Evaluating the detection system on the same period and overtime performance on the dataset of years 2012 to 2019. Compared to other Android malware detection research, the AUT increased by 3% –23%.",

keywords = "Android malware detection, Machine learning, Model aging, Static analysis",

author = "Chang, {Wen Ting} and Chen, {Yi Ming} and Yang, {Hui Hsuan}",

note = "Publisher Copyright: {\textcopyright} 2022, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.; 25th International Computer Symposium on New Trends in Computer Technologies and Applications, ICS 2022 ; Conference date: 15-12-2022 Through 17-12-2022",

year = "2022",

doi = "10.1007/978-981-19-9582-8_38",

language = "???core.languages.en_GB???",

isbn = "9789811995811",

series = "Communications in Computer and Information Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "434--446",

editor = "Sun-Yuan Hsieh and Ling-Ju Hung and Sheng-Lung Peng and Ralf Klasing and Chia-Wei Lee",

booktitle = "New Trends in Computer Technologies and Applications - 25th International Computer Symposium, ICS 2022, Proceedings",

}

Chang, WT, Chen, YM & Yang, HH 2022, Android Malware Classifier Combining Permissions and API Features to Face Model Drifting. in S-Y Hsieh, L-J Hung, S-L Peng, R Klasing & C-W Lee (eds), New Trends in Computer Technologies and Applications - 25th International Computer Symposium, ICS 2022, Proceedings. Communications in Computer and Information Science, vol. 1723 CCIS, Springer Science and Business Media Deutschland GmbH, pp. 434-446, 25th International Computer Symposium on New Trends in Computer Technologies and Applications, ICS 2022, Taoyuan, Taiwan, 15/12/22. https://doi.org/10.1007/978-981-19-9582-8_38

Android Malware Classifier Combining Permissions and API Features to Face Model Drifting. / Chang, Wen Ting; Chen, Yi Ming; Yang, Hui Hsuan.
New Trends in Computer Technologies and Applications - 25th International Computer Symposium, ICS 2022, Proceedings. ed. / Sun-Yuan Hsieh; Ling-Ju Hung; Sheng-Lung Peng; Ralf Klasing; Chia-Wei Lee. Springer Science and Business Media Deutschland GmbH, 2022. p. 434-446 (Communications in Computer and Information Science; Vol. 1723 CCIS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Android Malware Classifier Combining Permissions and API Features to Face Model Drifting

AU - Chang, Wen Ting

AU - Chen, Yi Ming

AU - Yang, Hui Hsuan

PY - 2022

Y1 - 2022

N2 - Machine learning is widely used in Android malware detection research, and it has been proven that machine learning models can achieve good results. However, detection models trained by old samples are hard to identify new malware with the changes in the Android development environment and the evolution of Android applications. That is, the models’ detection ability is not sustainable. This phenomenon is called model aging. A common solution to this problem is to retrain models. But if the model ages quickly, it will make retraining more difficult. More importantly, the detection system has low protection against new malware before the retrained model is released. Using AUT and F1-Score at each time slot to evaluate the degree of aging. This research establishes asn Android malware detection system with higher sustainability. Specifically, this research combines APKs’ permissions and APIs by the weights learned by linear models and will build two detection models using soft voting to decide whether the application is malware or not. Evaluating the detection system on the same period and overtime performance on the dataset of years 2012 to 2019. Compared to other Android malware detection research, the AUT increased by 3% –23%.

AB - Machine learning is widely used in Android malware detection research, and it has been proven that machine learning models can achieve good results. However, detection models trained by old samples are hard to identify new malware with the changes in the Android development environment and the evolution of Android applications. That is, the models’ detection ability is not sustainable. This phenomenon is called model aging. A common solution to this problem is to retrain models. But if the model ages quickly, it will make retraining more difficult. More importantly, the detection system has low protection against new malware before the retrained model is released. Using AUT and F1-Score at each time slot to evaluate the degree of aging. This research establishes asn Android malware detection system with higher sustainability. Specifically, this research combines APKs’ permissions and APIs by the weights learned by linear models and will build two detection models using soft voting to decide whether the application is malware or not. Evaluating the detection system on the same period and overtime performance on the dataset of years 2012 to 2019. Compared to other Android malware detection research, the AUT increased by 3% –23%.

KW - Android malware detection

KW - Machine learning

KW - Model aging

KW - Static analysis

UR - http://www.scopus.com/inward/record.url?scp=85151000588&partnerID=8YFLogxK

U2 - 10.1007/978-981-19-9582-8_38

DO - 10.1007/978-981-19-9582-8_38

M3 - 會議論文篇章

AN - SCOPUS:85151000588

SN - 9789811995811

T3 - Communications in Computer and Information Science

SP - 434

EP - 446

BT - New Trends in Computer Technologies and Applications - 25th International Computer Symposium, ICS 2022, Proceedings

A2 - Hsieh, Sun-Yuan

A2 - Hung, Ling-Ju

A2 - Peng, Sheng-Lung

A2 - Klasing, Ralf

A2 - Lee, Chia-Wei

PB - Springer Science and Business Media Deutschland GmbH

T2 - 25th International Computer Symposium on New Trends in Computer Technologies and Applications, ICS 2022

Y2 - 15 December 2022 through 17 December 2022

ER -

Chang WT, Chen YM, Yang HH. Android Malware Classifier Combining Permissions and API Features to Face Model Drifting. In Hsieh SY, Hung LJ, Peng SL, Klasing R, Lee CW, editors, New Trends in Computer Technologies and Applications - 25th International Computer Symposium, ICS 2022, Proceedings. Springer Science and Business Media Deutschland GmbH. 2022. p. 434-446. (Communications in Computer and Information Science). doi: 10.1007/978-981-19-9582-8_38

Android Malware Classifier Combining Permissions and API Features to Face Model Drifting

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this