Journal of Guangxi Normal University (Natural Science Edition), 2020, Vol. 38, Issue (2): 19-28. doi: 10.16088/j.issn.1001-6600.2020.02.003


A Confidence-guided Hybrid Android Malware Detection System with Multiple Heterogeneous Algorithms

ZHANG Yongsheng1, ZHU Wenjun2, SHI Ruoqi2, DU Zhenhua3, ZHANG Rui3, WANG Zhi2*   

  1. East China Regional Air Traffic Management Bureau, Civil Aviation Administration of China, Shanghai 200335, China;
    2. College of Cyber Science, Nankai University, Tianjin 300350, China;
    3. National Computer Virus Emergency Response Center, Tianjin 300457, China
  • Received: 2019-10-08; Published: 2020-04-02

Abstract: At present, machine-learning-based Android malware detection approaches suffer from model aging. Malware changes and evolves rapidly over time, which leads to concept drift. Concept drift changes the underlying data distribution over time, which violates the machine learning assumption that the data distribution is stable. To alleviate model aging, a confidence-guided hybrid malware detection system is proposed. By analyzing the credibility and confidence of the predictions made by heterogeneous models, the system overcomes the problem that heterogeneous models cannot cooperate with each other. An open hybrid detection platform is established to mitigate concept drift. Experiments show that the hybrid Android malware detection system is effective. In an evaluation with 66 000 applications, the SVM model and the random forest model each have their own advantages and disadvantages, and the hybrid Android malware detection system improves prediction performance over that of a single model.
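The sketch below is an added illustration, not code from the paper: it shows how credibility and confidence can put an SVM and a random forest on a common scale so that their predictions can be arbitrated per sample. It assumes the standard conformal-prediction definitions of both terms; the nonconformity measures, the calibration scores, the test sample and the arbitration rule in `hybrid_predict` are constructed assumptions.

```python
# Added illustration; all scores below are constructed sample data.

def p_value(cal_scores, score):
    """Share of calibration nonconformity scores at least as large as `score`."""
    return sum(1 for s in cal_scores if s >= score) / len(cal_scores)

def assess(calibration, test_scores):
    """Return (label, credibility, confidence) for one model and one sample.

    calibration: {label: nonconformity scores of calibration apps with that label}
    test_scores: {label: nonconformity of the test app with respect to that label}
    """
    pvals = {lbl: p_value(calibration[lbl], test_scores[lbl]) for lbl in calibration}
    ranked = sorted(pvals, key=pvals.get, reverse=True)
    best, runner_up = ranked[0], ranked[1]
    # credibility: p-value of the chosen label; confidence: 1 - best competing p-value
    return best, pvals[best], 1.0 - pvals[runner_up]

def hybrid_predict(assessments):
    """Assumed rule: trust the model with the highest credibility, then confidence."""
    name = max(assessments, key=lambda m: assessments[m][1:])
    return (name,) + assessments[name]

# SVM nonconformity (assumed): negated signed distance to the hyperplane.
SVM_CAL = {
    "malware": [-2.1, -1.7, -1.2, -0.9, -0.4, 0.1, 0.3, 0.8],
    "benign": [-2.5, -1.9, -1.4, -1.0, -0.6, -0.2, 0.2, 0.6],
}
# Random forest nonconformity (assumed): share of trees voting against the label.
RF_CAL = {
    "malware": [0.05, 0.10, 0.15, 0.20, 0.30, 0.35, 0.45, 0.60],
    "benign": [0.02, 0.08, 0.12, 0.18, 0.25, 0.33, 0.40, 0.55],
}

def demo():
    # One drifted sample: the SVM leans weakly benign, 90% of trees vote malware.
    svm = assess(SVM_CAL, {"benign": -0.2, "malware": 0.2})
    rf = assess(RF_CAL, {"malware": 0.10, "benign": 0.90})
    return svm, rf, hybrid_predict({"svm": svm, "rf": rf})

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The raw SVM distance and the tree-vote share are not comparable, but the p-values derived from each model's own calibration set are, which is what lets heterogeneous models be ranked against each other.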

Key words: malware detection, machine learning, confidence calculation, hybrid detection

CLC Number: TP309