Advertisement

Exploring Feature Extraction and ELM in Malware Detection for Android Devices

  • Wei Zhang
  • Huan Ren
  • Qingshan Jiang
  • Kai Zhang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9377)

Abstract

A huge increase in the number of mobile malware brings a serious threat to Internet security, as the adoption rate of mobile device is soaring, especially Android device. A variety of researches have been developed to defense malware, but the mobile device users continuously suffer private information leak or economic losses from malware. Recently, a large number of methods have been proposed based on static or dynamic features analysis combining with machine learning methods, which are considered effective to detect malware on mobile device. In this paper, we propose an effective framework to detect malware on Android device based on feature extraction and neural network calssifier. In this framework, we take use of static features to represent malware and utilize extreme learning machine (ELM) algorithm to learn the neural network. We first extract features from the malware, and then utilize three different feature extraction methods including principal component analysis (PCA), Karhunen-Loève transform (KLT) and independent component analysis (ICA) to transform the feature matrix into new feature spaces and generate three new feature matrixes. For each feature matrix, we construct En base classifiers by using ELM. Finally, we utilize Stacking method to combine the results. Experimental results suggest that the proposed framework is effective in detecting malware on Android device.

Keywords

Feature extraction Android malware detection ELM Stacking method 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
  2. 2.
    Bartel, A., Klein, J., Le Traon, Y., et al.: Dexpler: converting android dalvik bytecode to jimple for static analysis with soot. In: Proceedings of the ACM SIGPLAN International Workshop on State of the Art in Java Program Analysis, pp. 27–38. ACM (2012)Google Scholar
  3. 3.
    Nath, H.V., Mehtre, B.M.: Static Malware Analysis Using Machine Learning Methods. In: Martínez Pérez, G., Thampi, S.M., Ko, R., Shu, L. (eds.) SNDS 2014. CCIS, vol. 420, pp. 440–450. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  4. 4.
    Amos, B., Turner, H., White, J.: Applying machine learning classifiers to dynamic android malware detection at scale. In: Proceedings of 2013 9th International Wireless Communications and Mobile Computing Conference (IWCMC), pp. 1666–1671. IEEE (2013)Google Scholar
  5. 5.
    Zhao, M., Ge, F., Zhang, T., Yuan, Z.: AntiMalDroid: An efficient SVM-based malware detection framework for android. In: Liu, C., Chang, J., Yang, A., et al. (eds.) ICICA 2011, Part I. CCIS, vol. 243, pp. 158–166. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  6. 6.
    Shabtai, A., Kanonov, U., Elovici, Y., et al.: “Andromaly”: a behavioral malware detection framework for android devices. Journal of Intelligent Information Systems 38(1), 161–190 (2012)CrossRefGoogle Scholar
  7. 7.
    Sahs, J., Khan, L.: A machine learning approach to android malware detection. In: 2012 European Proceedings of Intelligence and Security Informatics Conference (EISIC), pp. 141–147. IEEE (2012)Google Scholar
  8. 8.
    Yerima, S.Y., Sezer, S., McWilliams, G., et al.: A new android malware detection approach using bayesian classification. In: Proceedings of 2013 IEEE 27th International Conference on Advanced Information Networking and Applications (AINA), pp. 121–128. IEEE (2013)Google Scholar
  9. 9.
    Sharma, A., Dash, S.K.: Mining API Calls and Permissions for Android Malware Detection. In: Gritzalis, D., Kiayias, A., Askoxylakis, I. (eds.) CANS 2014. LNCS, vol. 8813, pp. 191–205. Springer, Heidelberg (2014)Google Scholar
  10. 10.
    Aafer, Y., Du, W., Yin, H.: DroidAPIMiner: Mining API-level features for robust malware detection in android. In: Zia, T., Zomaya, A., Varadharajan, V., Mao, M. (eds.) SecureComm 2013. LNICST, vol. 127, pp. 86–103. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  11. 11.
    Wu, D.J., Mao, C.H., Wei, T.E., et al.: Droidmat: Android malware detection through manifest and api calls tracing. In: Proceedings of 2012 Seventh Asia Joint Conference on Information Security (Asia JCIS), pp. 62–69. IEEE (2012)Google Scholar
  12. 12.
    Barrera, D., Kayacik, H.G., van Oorschot, P.C., et al.: A methodology for empirical analysis of permission-based security models and its application to android. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, pp. 73–84. ACM (2010)Google Scholar
  13. 13.
    Yu, W., Ge, L., Xu, G., et al.: Towards Neural Network Based Malware Detection on Android Mobile Devices. In: Cybersecurity Systems for Human Cognition Augmentation. Advances in Information Security, pp. 99–117. Springer International Publishing (2014)Google Scholar
  14. 14.
    Mas’ud, M.Z., Sahib, S., Abdollah, M.F., et al.: Analysis of features selection and machine learning classifier in android malware detection. In: proceedings of 2014 International Conference on Information Science and Applications (ICISA), pp. 1–5. IEEE (2014)Google Scholar
  15. 15.
    Ozdemir, M., Sogukpinar, I.: An Android Malware Detection Architecture based on Ensemble Learning. Transactions on Machine Learning and Artificial Intelligence 2(3), 90–106 (2014)CrossRefGoogle Scholar
  16. 16.
    Sheen, S., Anitha, R., Natarajan, V.: Android based malware detection using a multifeature collaborative decision fusion approach. Neurocomputing 151, 905–912 (2015)CrossRefGoogle Scholar
  17. 17.
    Kang, B., Kang, B.J., Kim, J., et al.: Android malware classification method: Dalvik bytecode frequency analysis. In: Proceedings of the 2013 Research in Adaptive and Convergent Systems, pp. 349–350. ACM (2013)Google Scholar
  18. 18.
    Bishop, C.M.: Pattern recognition and machine learning. Springer, Heidelberg (2006)zbMATHGoogle Scholar
  19. 19.
    Cao, L.J., Chong, W.K.: Feature extraction in support vector machine: a comparison of PCA, XPCA and ICA. In: Proceedings of the 9th International Conference on Neural Information Processing, ICONIP 2002, pp. 1001–1005. IEEE (2002)Google Scholar
  20. 20.
    Du, K.L., Swamy, M.N.S.: Independent component analysis. In: Neural Networks and Statistical Learning, pp. 419–450. Springer, London (2014)CrossRefGoogle Scholar
  21. 21.
    Hyvarinen, A.: Fast and robust fixed-point algorithms for independent component analysis. IEEE Transactions on Neural Networks 10(3), 626–634 (1999)CrossRefGoogle Scholar
  22. 22.
    Schmidt, W.F., Kraaijveld, M., Duin, R.P.W.: Feedforward neural networks with random weights. In: Proceedings of Conference on 11th IAPR International, pp. 1–4. IEEE (1992)Google Scholar
  23. 23.
    Huang, G.B., Zhu, Q.Y., Siew, C.K.: Extreme learning machine: a new learning scheme of feedforward Neural Networks. In: Proceedings of IEEE International Joint Confrence on Neural Networks, pp. 985–990. IEEE (2004)Google Scholar
  24. 24.
    Huang, G.B., Zhou, H., Ding, X., et al.: Extreme learning machine for regression and multiclass classification. IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics 42(2), 513–529 (2012)CrossRefGoogle Scholar
  25. 25.
    Zhou, Z.H.: Ensemble methods: foundations and algorithms. CRC Press (2012)Google Scholar
  26. 26.
    Android Malware GenomeProject, http://www.malgenomeproject.org/
  27. 27.
  28. 28.

Copyright information

© Springer International Publishing Switzerland 2015

<SimplePara><Emphasis Type="Bold">Open Access</Emphasis> This chapter is licensed under the terms of the Creative Commons Attribution-NonCommercial 2.5 International License (http://creativecommons.org/licenses/by-nc/2.5/), which permits any noncommercial use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made. </SimplePara> <SimplePara>The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.</SimplePara>

Authors and Affiliations

  • Wei Zhang
    • 1
  • Huan Ren
    • 1
    • 2
  • Qingshan Jiang
    • 1
  • Kai Zhang
    • 1
    • 2
  1. 1.Shenzhen Institutes of Advanced TechnologyChinese Academy of SciencesShenzhenChina
  2. 2.University of Science and Technology of ChinaHeifeiChina

Personalised recommendations