Context-Aware, Adaptive, and Scalable Android Malware Detection Through Online Learning

  title={Context-Aware, Adaptive, and Scalable Android Malware Detection Through Online Learning},
  author={Annamalai Narayanan and Mahinthan Chandramohan and Lihui Chen and Yang Liu},
  journal={IEEE Transactions on Emerging Topics in Computational Intelligence},
It is well known that Android malware constantly evolves so as to evade detection. This causes the entire malware population to be nonstationary. Contrary to this fact, most of the prior works on machine learning based android malware detection have assumed that the distribution of the observed malware characteristics (i.e., features) does not change over time. In this paper, we address the problem of <italic>malware population drift</italic> and propose a novel online learning based framework… 

Figures and Tables from this paper

Assessing and Improving Malware Detection Sustainability through App Evolution Studies
  • Haipeng Cai
  • Computer Science
    ACM Trans. Softw. Eng. Methodol.
  • 2020
The main takeaway, which also explains the superiority of DroidSpan is that the use of features consistently differentiating malware from benign apps over time is essential for sustainable learning-based malware detection, and that these features can be learned from studies on app evolution.
Feature-Based Semi-supervised Learning to Detect Malware from Android
The approach presented in this chapter is help to select best features by applying feature sub-set selection methods and to establish a malware detection model to support the higher accuracy rates used in the literature.
An Improved Ensemble Based Machine Learning Technique for Efficient Malware Classification
The proposed approach overcomes the problems of static and dynamic techniques in malware detection and senses all kinds of source-code and application behaviors and can reduce apps scan time as compared to previous proposed malware detection frameworks.
Towards Large-Scale Hunting for Android Negative-Day Malware
The results show that Lshand is capable of hunting down undiscovered malware in a large scale, and the manual analysis and a third-party scanner have confirmed the authors' negative-day malware findings to be malware or grayware.
Towards a Fair Comparison and Realistic Design and Evaluation Framework of Android Malware Detectors
An analysis of 10 research works on Android malware detection using a common evaluation framework concludes that the studied ML-based detectors have been evaluated optimistically, which justifies the good published results.
DroidEvolver: Self-Evolving Android Malware Detection System
DroidEvolver, an Android malware detection system that can automatically and continually update itself during malware detection without any human involvement, is proposed and shown robust against typical code obfuscation techniques.
A Comprehensive Review on Malware Detection Approaches
This paper presents a detailed review on malware detection approaches and recent detection methods which use these approaches, and the pros and cons of each detection approach, and methods that are used in these approaches.
Mobile Malware Detection - An Analysis of the Impact of Feature Categories
A new technique to include contextual information in API calls into feature values is proposed and the study reveals that embedding such information enhances malware detection capability by a good margin.
A Systematic Overview of the Machine Learning Methods for Mobile Malware Detection
The mobile malware detection techniques used in recent studies based on attack intentions are explored, such as server, network, client software, client hardware, and user, and they are classified as supervised and unsupervised learning.


Adaptive and scalable Android malware detection through online learning
DroidOL achieves 84.29% accuracy outperforming two state-of-the-art malware techniques by more than 20% in their typical batch learning setting and more than 3% when they are continuously re-trained.
MADAM: Effective and Efficient Behavior-based Android Malware Detection and Prevention
MADAM is a novel host-based malware detection system for Android devices which simultaneously analyzes and correlates features at four levels: kernel, application, user and package, to detect and stop malicious behaviors.
Structural detection of android malware using embedded call graphs
This paper proposes a method for malware detection based on efficient embeddings of function call graphs with an explicit feature map inspired by a linear-time graph kernel that outperforms several related approaches and detects 89% of the malware with few false alarms, while also allowing to pin-point malicious code structures within Android applications.
DroidScribe: Classifying Android Malware Based on Runtime Behavior
A novel classification method is introduced that fuses Support Vector Machines with Conformal Prediction to generate high-accuracy prediction sets where the information is insufficient to pinpoint a single family of Android malware samples.
Semantics-Aware Android Malware Classification Using Weighted Contextual API Dependency Graphs
A novel semantic-based approach that classifies Android malware via dependency graphs that is capable of detecting zero-day malware with a low false negative rate and an acceptable false positive rate while tolerating minor implementation differences is proposed.
StormDroid: A Streaminglized Machine Learning-Based System for Detecting Android Malware
This paper introduces a streaminglized machine learning-based MD framework, StormDroid, based on machine learning, enhanced with a novel combination of contributed features that improves MD accuracy by almost 10% compared with state-of-the-art antivirus systems.
Obfuscation-Resilient , Efficient , and Accurate Detection and Family Identification of Android Malware
A novel machine learning-based Android malware detection and family identification approach that provides selectable features and assesses RevealDroid’s accuracy and obfuscation resilience on an updated dataset of malware from a diverse set of families.
DroidSieve: Fast and Accurate Classification of Obfuscated Android Malware
DroidSieve is proposed, an Android malware classifier based on static analysis that is fast, accurate, and resilient to obfuscation, and exploits obfuscation-invariant features and artifacts introduced by obfuscation mechanisms used in malware.
Dissecting Android Malware: Characterization and Evolution
Systematize or characterize existing Android malware from various aspects, including their installation methods, activation mechanisms as well as the nature of carried malicious payloads reveal that they are evolving rapidly to circumvent the detection from existing mobile anti-virus software.
DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket
DREBIN is proposed, a lightweight method for detection of Android malware that enables identifying malicious applications directly on the smartphone and outperforms several related approaches and detects 94% of the malware with few false alarms.