MFF-AMD: multivariate feature fusion for android malware detection

Guangquan Xu; Meiqi Feng; Litao Jiao; Jian Liu; Hong-Ning Dai; Ding Wang; Emmanouil Panaousis; Xi Zheng

doi:10.1007/978-3-030-92635-9_22

MFF-AMD: multivariate feature fusion for android malware detection

Guangquan Xu, Meiqi Feng, Litao Jiao, Jian Liu^*, Hong-Ning Dai, Ding Wang, Emmanouil Panaousis, Xi Zheng

^*Corresponding author for this work

School of Computing

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

1 Citation (Scopus)

Abstract

Researchers have turned their focus on leveraging either dynamic or static features extracted from applications to train AI algorithms to identify malware precisely. However, the adversarial techniques have been continuously evolving and meanwhile, the code structure and application function have been designed in complex format. This makes Android malware detection more challenging than before. Most of the existing detection methods may not work well on recent malware samples. In this paper, we aim at enhancing the detection accuracy of Android malware through machine learning techniques via the design and development of our system called MFF-AMD. In our system, we first extract various features through static and dynamic analysis and obtain a multiscale comprehensive feature set. Then, to achieve high classification performance, we introduce the Relief algorithm to fuse the features, and design four weight distribution algorithms to fuse base classifiers. Finally, we set the threshold to guide MFF-AMD to perform static or hybrid analysis on the malware samples. Our experiments performed on more than 25,000 applications from the recent five-year dataset demonstrate that MFF-AMD can effectively detect malware with high accuracy.

Original language	English
Title of host publication	Collaborative Computing: Networking, Applications and Worksharing
Subtitle of host publication	17th EAI International Conference, CollaborateCom 2021, Virtual Event, October 16–18, 2021, Proceedings, Part I
Editors	Honghao Gao, Xinheng Wang
Place of Publication	Cham, Switzerland
Publisher	Springer, Springer Nature
Pages	368-385
Number of pages	18
ISBN (Electronic)	9783030926359
ISBN (Print)	9783030926342
DOIs	https://doi.org/10.1007/978-3-030-92635-9_22
Publication status	Published - 2021
Event	17th EAI International Conference on Collaborative Computing: Networking, Applications, and Worksharing, CollaborateCom 2021 - Virtual, Online Duration: 16 Oct 2021 → 18 Oct 2021

Publication series

Name	Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Volume	406 LNICST
ISSN (Print)	1867-8211
ISSN (Electronic)	1867-822X

Conference

Conference	17th EAI International Conference on Collaborative Computing: Networking, Applications, and Worksharing, CollaborateCom 2021
City	Virtual, Online
Period	16/10/21 → 18/10/21

Keywords

Malware detection
Hybrid analysis
Weight distribution
Multivariate feature fusion

Access to Document

10.1007/978-3-030-92635-9_22

Cite this

Xu, G., Feng, M., Jiao, L., Liu, J., Dai, H.-N., Wang, D., Panaousis, E., & Zheng, X. (2021). MFF-AMD: multivariate feature fusion for android malware detection. In H. Gao, & X. Wang (Eds.), Collaborative Computing: Networking, Applications and Worksharing: 17th EAI International Conference, CollaborateCom 2021, Virtual Event, October 16–18, 2021, Proceedings, Part I (pp. 368-385). (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 406 LNICST). Springer, Springer Nature. https://doi.org/10.1007/978-3-030-92635-9_22

Xu, Guangquan ; Feng, Meiqi ; Jiao, Litao et al. / MFF-AMD : multivariate feature fusion for android malware detection. Collaborative Computing: Networking, Applications and Worksharing: 17th EAI International Conference, CollaborateCom 2021, Virtual Event, October 16–18, 2021, Proceedings, Part I. editor / Honghao Gao ; Xinheng Wang. Cham, Switzerland : Springer, Springer Nature, 2021. pp. 368-385 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST).

@inproceedings{7566401a197b452caa97fee65aee2e61,

title = "MFF-AMD: multivariate feature fusion for android malware detection",

abstract = "Researchers have turned their focus on leveraging either dynamic or static features extracted from applications to train AI algorithms to identify malware precisely. However, the adversarial techniques have been continuously evolving and meanwhile, the code structure and application function have been designed in complex format. This makes Android malware detection more challenging than before. Most of the existing detection methods may not work well on recent malware samples. In this paper, we aim at enhancing the detection accuracy of Android malware through machine learning techniques via the design and development of our system called MFF-AMD. In our system, we first extract various features through static and dynamic analysis and obtain a multiscale comprehensive feature set. Then, to achieve high classification performance, we introduce the Relief algorithm to fuse the features, and design four weight distribution algorithms to fuse base classifiers. Finally, we set the threshold to guide MFF-AMD to perform static or hybrid analysis on the malware samples. Our experiments performed on more than 25,000 applications from the recent five-year dataset demonstrate that MFF-AMD can effectively detect malware with high accuracy.",

keywords = "Malware detection, Hybrid analysis, Weight distribution, Multivariate feature fusion",

author = "Guangquan Xu and Meiqi Feng and Litao Jiao and Jian Liu and Hong-Ning Dai and Ding Wang and Emmanouil Panaousis and Xi Zheng",

year = "2021",

doi = "10.1007/978-3-030-92635-9_22",

language = "English",

isbn = "9783030926342",

series = "Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST",

publisher = "Springer, Springer Nature",

pages = "368--385",

editor = "Honghao Gao and Xinheng Wang",

booktitle = "Collaborative Computing: Networking, Applications and Worksharing",

address = "United States",

note = "17th EAI International Conference on Collaborative Computing: Networking, Applications, and Worksharing, CollaborateCom 2021 ; Conference date: 16-10-2021 Through 18-10-2021",

}

Xu, G, Feng, M, Jiao, L, Liu, J, Dai, H-N, Wang, D, Panaousis, E & Zheng, X 2021, MFF-AMD: multivariate feature fusion for android malware detection. in H Gao & X Wang (eds), Collaborative Computing: Networking, Applications and Worksharing: 17th EAI International Conference, CollaborateCom 2021, Virtual Event, October 16–18, 2021, Proceedings, Part I. Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST, vol. 406 LNICST, Springer, Springer Nature, Cham, Switzerland, pp. 368-385, 17th EAI International Conference on Collaborative Computing: Networking, Applications, and Worksharing, CollaborateCom 2021, Virtual, Online, 16/10/21. https://doi.org/10.1007/978-3-030-92635-9_22

MFF-AMD: multivariate feature fusion for android malware detection. / Xu, Guangquan; Feng, Meiqi; Jiao, Litao et al.
Collaborative Computing: Networking, Applications and Worksharing: 17th EAI International Conference, CollaborateCom 2021, Virtual Event, October 16–18, 2021, Proceedings, Part I. ed. / Honghao Gao; Xinheng Wang. Cham, Switzerland: Springer, Springer Nature, 2021. p. 368-385 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 406 LNICST).

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

TY - GEN

T1 - MFF-AMD

T2 - 17th EAI International Conference on Collaborative Computing: Networking, Applications, and Worksharing, CollaborateCom 2021

AU - Xu, Guangquan

AU - Feng, Meiqi

AU - Jiao, Litao

AU - Liu, Jian

AU - Dai, Hong-Ning

AU - Wang, Ding

AU - Panaousis, Emmanouil

AU - Zheng, Xi

PY - 2021

Y1 - 2021

N2 - Researchers have turned their focus on leveraging either dynamic or static features extracted from applications to train AI algorithms to identify malware precisely. However, the adversarial techniques have been continuously evolving and meanwhile, the code structure and application function have been designed in complex format. This makes Android malware detection more challenging than before. Most of the existing detection methods may not work well on recent malware samples. In this paper, we aim at enhancing the detection accuracy of Android malware through machine learning techniques via the design and development of our system called MFF-AMD. In our system, we first extract various features through static and dynamic analysis and obtain a multiscale comprehensive feature set. Then, to achieve high classification performance, we introduce the Relief algorithm to fuse the features, and design four weight distribution algorithms to fuse base classifiers. Finally, we set the threshold to guide MFF-AMD to perform static or hybrid analysis on the malware samples. Our experiments performed on more than 25,000 applications from the recent five-year dataset demonstrate that MFF-AMD can effectively detect malware with high accuracy.

AB - Researchers have turned their focus on leveraging either dynamic or static features extracted from applications to train AI algorithms to identify malware precisely. However, the adversarial techniques have been continuously evolving and meanwhile, the code structure and application function have been designed in complex format. This makes Android malware detection more challenging than before. Most of the existing detection methods may not work well on recent malware samples. In this paper, we aim at enhancing the detection accuracy of Android malware through machine learning techniques via the design and development of our system called MFF-AMD. In our system, we first extract various features through static and dynamic analysis and obtain a multiscale comprehensive feature set. Then, to achieve high classification performance, we introduce the Relief algorithm to fuse the features, and design four weight distribution algorithms to fuse base classifiers. Finally, we set the threshold to guide MFF-AMD to perform static or hybrid analysis on the malware samples. Our experiments performed on more than 25,000 applications from the recent five-year dataset demonstrate that MFF-AMD can effectively detect malware with high accuracy.

KW - Malware detection

KW - Hybrid analysis

KW - Weight distribution

KW - Multivariate feature fusion

UR - http://www.scopus.com/inward/record.url?scp=85122575950&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-92635-9_22

DO - 10.1007/978-3-030-92635-9_22

M3 - Conference proceeding contribution

AN - SCOPUS:85122575950

SN - 9783030926342

T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST

SP - 368

EP - 385

BT - Collaborative Computing: Networking, Applications and Worksharing

A2 - Gao, Honghao

A2 - Wang, Xinheng

PB - Springer, Springer Nature

CY - Cham, Switzerland

Y2 - 16 October 2021 through 18 October 2021

ER -

Xu G, Feng M, Jiao L, Liu J, Dai HN, Wang D et al. MFF-AMD: multivariate feature fusion for android malware detection. In Gao H, Wang X, editors, Collaborative Computing: Networking, Applications and Worksharing: 17th EAI International Conference, CollaborateCom 2021, Virtual Event, October 16–18, 2021, Proceedings, Part I. Cham, Switzerland: Springer, Springer Nature. 2021. p. 368-385. (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST). doi: 10.1007/978-3-030-92635-9_22

MFF-AMD: multivariate feature fusion for android malware detection

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this