Android Malware Classifier Combining Permissions and API Features to Face Model Drifting

Wen Ting Chang; Yi Ming Chen; Hui Hsuan Yang

doi:10.1007/978-981-19-9582-8_38

Android Malware Classifier Combining Permissions and API Features to Face Model Drifting

Wen Ting Chang, Yi Ming Chen, Hui Hsuan Yang

資訊管理學系

研究成果: 書貢獻/報告類型 › 會議論文篇章 › 同行評審

摘要

Machine learning is widely used in Android malware detection research, and it has been proven that machine learning models can achieve good results. However, detection models trained by old samples are hard to identify new malware with the changes in the Android development environment and the evolution of Android applications. That is, the models’ detection ability is not sustainable. This phenomenon is called model aging. A common solution to this problem is to retrain models. But if the model ages quickly, it will make retraining more difficult. More importantly, the detection system has low protection against new malware before the retrained model is released. Using AUT and F₁-Score at each time slot to evaluate the degree of aging. This research establishes asn Android malware detection system with higher sustainability. Specifically, this research combines APKs’ permissions and APIs by the weights learned by linear models and will build two detection models using soft voting to decide whether the application is malware or not. Evaluating the detection system on the same period and overtime performance on the dataset of years 2012 to 2019. Compared to other Android malware detection research, the AUT increased by 3% –23%.

原文	???core.languages.en_GB???
主出版物標題	New Trends in Computer Technologies and Applications - 25th International Computer Symposium, ICS 2022, Proceedings
編輯	Sun-Yuan Hsieh, Ling-Ju Hung, Sheng-Lung Peng, Ralf Klasing, Chia-Wei Lee
發行者	Springer Science and Business Media Deutschland GmbH
頁面	434-446
頁數	13
ISBN（列印）	9789811995811
DOIs	https://doi.org/10.1007/978-981-19-9582-8_38
出版狀態	已出版 - 2022
事件	25th International Computer Symposium on New Trends in Computer Technologies and Applications, ICS 2022 - Taoyuan, Taiwan 持續時間: 15 12月 2022 → 17 12月 2022

出版系列

名字	Communications in Computer and Information Science
卷	1723 CCIS
ISSN（列印）	1865-0929
ISSN（電子）	1865-0937

???event.eventtypes.event.conference???

???event.eventtypes.event.conference???	25th International Computer Symposium on New Trends in Computer Technologies and Applications, ICS 2022
國家/地區	Taiwan
城市	Taoyuan
期間	15/12/22 → 17/12/22

存取文件

10.1007/978-981-19-9582-8_38

引用此

Chang, W. T., Chen, Y. M., & Yang, H. H. (2022). Android Malware Classifier Combining Permissions and API Features to Face Model Drifting. 於 S.-Y. Hsieh, L.-J. Hung, S.-L. Peng, R. Klasing, & C.-W. Lee (編輯), New Trends in Computer Technologies and Applications - 25th International Computer Symposium, ICS 2022, Proceedings (頁 434-446). (Communications in Computer and Information Science; 卷 1723 CCIS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-981-19-9582-8_38

Chang, Wen Ting ; Chen, Yi Ming ; Yang, Hui Hsuan. / Android Malware Classifier Combining Permissions and API Features to Face Model Drifting. New Trends in Computer Technologies and Applications - 25th International Computer Symposium, ICS 2022, Proceedings. 編輯 / Sun-Yuan Hsieh ; Ling-Ju Hung ; Sheng-Lung Peng ; Ralf Klasing ; Chia-Wei Lee. Springer Science and Business Media Deutschland GmbH, 2022. 頁 434-446 (Communications in Computer and Information Science).

@inproceedings{dcb860c826ed4ef6b738f52852b6384d,

title = "Android Malware Classifier Combining Permissions and API Features to Face Model Drifting",

abstract = "Machine learning is widely used in Android malware detection research, and it has been proven that machine learning models can achieve good results. However, detection models trained by old samples are hard to identify new malware with the changes in the Android development environment and the evolution of Android applications. That is, the models{\textquoteright} detection ability is not sustainable. This phenomenon is called model aging. A common solution to this problem is to retrain models. But if the model ages quickly, it will make retraining more difficult. More importantly, the detection system has low protection against new malware before the retrained model is released. Using AUT and F1-Score at each time slot to evaluate the degree of aging. This research establishes asn Android malware detection system with higher sustainability. Specifically, this research combines APKs{\textquoteright} permissions and APIs by the weights learned by linear models and will build two detection models using soft voting to decide whether the application is malware or not. Evaluating the detection system on the same period and overtime performance on the dataset of years 2012 to 2019. Compared to other Android malware detection research, the AUT increased by 3% –23%.",

keywords = "Android malware detection, Machine learning, Model aging, Static analysis",

author = "Chang, {Wen Ting} and Chen, {Yi Ming} and Yang, {Hui Hsuan}",

note = "Publisher Copyright: {\textcopyright} 2022, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.; 25th International Computer Symposium on New Trends in Computer Technologies and Applications, ICS 2022 ; Conference date: 15-12-2022 Through 17-12-2022",

year = "2022",

doi = "10.1007/978-981-19-9582-8_38",

language = "???core.languages.en_GB???",

isbn = "9789811995811",

series = "Communications in Computer and Information Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "434--446",

editor = "Sun-Yuan Hsieh and Ling-Ju Hung and Sheng-Lung Peng and Ralf Klasing and Chia-Wei Lee",

booktitle = "New Trends in Computer Technologies and Applications - 25th International Computer Symposium, ICS 2022, Proceedings",

}

Chang, WT, Chen, YM & Yang, HH 2022, Android Malware Classifier Combining Permissions and API Features to Face Model Drifting. 於 S-Y Hsieh, L-J Hung, S-L Peng, R Klasing & C-W Lee (編輯), New Trends in Computer Technologies and Applications - 25th International Computer Symposium, ICS 2022, Proceedings. Communications in Computer and Information Science, 卷 1723 CCIS, Springer Science and Business Media Deutschland GmbH, 頁 434-446, 25th International Computer Symposium on New Trends in Computer Technologies and Applications, ICS 2022, Taoyuan, Taiwan, 15/12/22. https://doi.org/10.1007/978-981-19-9582-8_38

Android Malware Classifier Combining Permissions and API Features to Face Model Drifting. / Chang, Wen Ting; Chen, Yi Ming; Yang, Hui Hsuan.
New Trends in Computer Technologies and Applications - 25th International Computer Symposium, ICS 2022, Proceedings. 編輯 / Sun-Yuan Hsieh; Ling-Ju Hung; Sheng-Lung Peng; Ralf Klasing; Chia-Wei Lee. Springer Science and Business Media Deutschland GmbH, 2022. p. 434-446 (Communications in Computer and Information Science; 卷 1723 CCIS).

研究成果: 書貢獻/報告類型 › 會議論文篇章 › 同行評審

TY - GEN

T1 - Android Malware Classifier Combining Permissions and API Features to Face Model Drifting

AU - Chang, Wen Ting

AU - Chen, Yi Ming

AU - Yang, Hui Hsuan

PY - 2022

Y1 - 2022

N2 - Machine learning is widely used in Android malware detection research, and it has been proven that machine learning models can achieve good results. However, detection models trained by old samples are hard to identify new malware with the changes in the Android development environment and the evolution of Android applications. That is, the models’ detection ability is not sustainable. This phenomenon is called model aging. A common solution to this problem is to retrain models. But if the model ages quickly, it will make retraining more difficult. More importantly, the detection system has low protection against new malware before the retrained model is released. Using AUT and F1-Score at each time slot to evaluate the degree of aging. This research establishes asn Android malware detection system with higher sustainability. Specifically, this research combines APKs’ permissions and APIs by the weights learned by linear models and will build two detection models using soft voting to decide whether the application is malware or not. Evaluating the detection system on the same period and overtime performance on the dataset of years 2012 to 2019. Compared to other Android malware detection research, the AUT increased by 3% –23%.

AB - Machine learning is widely used in Android malware detection research, and it has been proven that machine learning models can achieve good results. However, detection models trained by old samples are hard to identify new malware with the changes in the Android development environment and the evolution of Android applications. That is, the models’ detection ability is not sustainable. This phenomenon is called model aging. A common solution to this problem is to retrain models. But if the model ages quickly, it will make retraining more difficult. More importantly, the detection system has low protection against new malware before the retrained model is released. Using AUT and F1-Score at each time slot to evaluate the degree of aging. This research establishes asn Android malware detection system with higher sustainability. Specifically, this research combines APKs’ permissions and APIs by the weights learned by linear models and will build two detection models using soft voting to decide whether the application is malware or not. Evaluating the detection system on the same period and overtime performance on the dataset of years 2012 to 2019. Compared to other Android malware detection research, the AUT increased by 3% –23%.

KW - Android malware detection

KW - Machine learning

KW - Model aging

KW - Static analysis

UR - http://www.scopus.com/inward/record.url?scp=85151000588&partnerID=8YFLogxK

U2 - 10.1007/978-981-19-9582-8_38

DO - 10.1007/978-981-19-9582-8_38

M3 - 會議論文篇章

AN - SCOPUS:85151000588

SN - 9789811995811

T3 - Communications in Computer and Information Science

SP - 434

EP - 446

BT - New Trends in Computer Technologies and Applications - 25th International Computer Symposium, ICS 2022, Proceedings

A2 - Hsieh, Sun-Yuan

A2 - Hung, Ling-Ju

A2 - Peng, Sheng-Lung

A2 - Klasing, Ralf

A2 - Lee, Chia-Wei

PB - Springer Science and Business Media Deutschland GmbH

T2 - 25th International Computer Symposium on New Trends in Computer Technologies and Applications, ICS 2022

Y2 - 15 December 2022 through 17 December 2022

ER -

Chang WT, Chen YM, Yang HH. Android Malware Classifier Combining Permissions and API Features to Face Model Drifting. 於 Hsieh SY, Hung LJ, Peng SL, Klasing R, Lee CW, 編輯, New Trends in Computer Technologies and Applications - 25th International Computer Symposium, ICS 2022, Proceedings. Springer Science and Business Media Deutschland GmbH. 2022. p. 434-446. (Communications in Computer and Information Science). doi: 10.1007/978-981-19-9582-8_38

Android Malware Classifier Combining Permissions and API Features to Face Model Drifting

摘要

出版系列

???event.eventtypes.event.conference???

存取文件

指紋

引用此