Fast, automatic and scalable learning to detect android malware

Mahmood Yousefi-Azar*, Len Hamey, Vijay Varadharajan, Mark D. McDonnell

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contributionpeer-review

5 Citations (Scopus)


We propose a novel scheme for Android malware detection. The scheme has two extremely fast phases. First term-frequency simhashing (tf-simhashing) extracts a fixed sized vector for each binary file. The hashing algorithm embeds the frequency of n-grams of bytes into the output vector which can be reshaped into an image representation. In the second phase, we propose a convolutional extreme learning machine (CELM) learns to distinguish between hashes of malicious and clean files as a two class classification task. This scalable scheme is extremely fast in both learning and predicting. The results show that tf-simhashing in an image-shape representation together with CELM provides better performance than three non-parametric models and one state-of-the-art parametric model.

Original languageEnglish
Title of host publicationNeural Information Processing
Subtitle of host publication24th International Conference, ICONIP 2017, Guangzhou, China, November 14–18, 2017. Proceedings, Part V
EditorsDerong Liu, Shengli Xie, Yuanqing Li, Dongbin Zhao, El-Sayed M. El-Alfy
PublisherSpringer, Springer Nature
Number of pages10
ISBN (Electronic)9783319701394
ISBN (Print)9783319701387
Publication statusPublished - 2017
Event24th International Conference on Neural Information Processing, ICONIP 2017 - Guangzhou, China
Duration: 14 Nov 201718 Nov 2017

Publication series

NameLecture Notes in Computer Science
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference24th International Conference on Neural Information Processing, ICONIP 2017


  • Android malware detection
  • Convolutional extreme learning machine
  • Static analysis
  • Term-frequency simhashing


Dive into the research topics of 'Fast, automatic and scalable learning to detect android malware'. Together they form a unique fingerprint.

Cite this