A multi-model ensemble learning framework for imbalanced android malware detection

The continuous malicious software (malware) attacks on smartphones pose a serious threat to the security of users, especially the dominant platform Android. Data-driven methods based on machine learning algorithms are a promising way to defend against that. In this paper, we explore the limitations...

Full description

Saved in:
Bibliographic Details
Published in:Expert systems with applications 2023-12, Vol.234, p.120952, Article 120952
Main Authors: Zhu, Hui-juan, Li, Yang, Wang, Liang-min, Sheng, Victor S.
Format: Article
Language:English
Subjects:
Android
Deep learning
Ensemble learning
Feature extraction
Malware detection
Citations: Items that this one cites
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The continuous malicious software (malware) attacks on smartphones pose a serious threat to the security of users, especially the dominant platform Android. Data-driven methods based on machine learning algorithms are a promising way to defend against that. In this paper, we explore the limitations of this kind of methods in improving the performance of malware detection, e.g., considering each feature in isolation and relying on balanced class data, and propose a multi-model ensemble framework MEFDroid by combining individual predictors, where hybrid deep learning based feature extraction methods are adopted to learn meaningful features from raw data. Besides, a novel fusion scheme is exploited to fuse multi-level representations and mine their correlations to maximize the utilization of original information. To evaluate the effectiveness of the MEFDroid framework, we conduct a step-by-step model justification experiment to investigate how the proposed algorithms (i.e., ESAES, EDAES and EDAFS) enhance the malware detection performance gradually. We also compare the proposed algorithms with classical machine learning methods, conventional sampling solutions for the imbalance problem. Besides, we investigate the reliability of our proposed methods using another public dataset. Our extensive experimental results demonstrate that the target model EDAFS in MEFDroid outperforms others in terms of most metrics, which means that it is an effective alternative solution to detect Android malware.
ISSN:0957-4174
1873-6793
DOI:10.1016/j.eswa.2023.120952