IEdroid: Detecting Malicious Android Network Behavior Using Incremental Ensemble of Ensembles

Malware detection has attracted widespread attention due to the growing malware sophistication. Machine learning based methods have been proposed to find traces of malware by analyzing network traffic. However, network traffic exhibits a series of growing and changing states, which makes it challeng...

Bibliographic Details
Main Authors: Liu, Cong, Yan, Anli, Chen, Zhenxiang, Zhang, Haibo, Yan, Qiben, Peng, Lizhi, Zhao, Chuan
Format: Conference Proceeding
Language: English
cited_by
cites
container_end_page 795
container_issue
container_start_page 788
container_title
container_volume
creator Liu, Cong
Yan, Anli
Chen, Zhenxiang
Zhang, Haibo
Yan, Qiben
Peng, Lizhi
Zhao, Chuan
description Malware detection has attracted widespread attention due to growing malware sophistication. Machine-learning-based methods have been proposed to find traces of malware by analyzing network traffic. However, network traffic exhibits a series of growing and changing states, which makes it challenging to design a detection model that can detect malicious traffic over a long period without the need for costly retraining. In this paper, we present IEdroid, an Android malicious network behavior detection method that leverages incremental ensembles for model update. Specifically, we train multiple classifiers to form an interim ensemble in a distributed cluster environment, and update the interim ensemble by removing and adding classifiers. The generated model is composed of multiple interim ensembles that can adapt to the network traffic. We evaluated the performance of IEdroid using a dataset consisting of 98,565 benign and 41,267 malicious flows. Results show that IEdroid can effectively detect malicious traffic compared with state-of-the-art detection models. The experiment trained IEdroid on datasets incrementally 10 times without a significant loss in accuracy, precision, recall, and F-Measure, compared with re-training from scratch with full data.
doi_str_mv 10.1109/ICPADS53394.2021.00104
format conference_proceeding
fulltext fulltext_linktorsrc
identifier EISSN: 2690-5965
ispartof 2021 IEEE 27th International Conference on Parallel and Distributed Systems (ICPADS), 2021, p.788-795
issn 2690-5965
language eng
recordid cdi_ieee_primary_9763749
source IEEE Xplore All Conference Series
subjects Adaptation models
big data
Distributed databases
incremental update
Machine learning
malicious behavior detection
Malware
network traffic
Prototypes
Telecommunication traffic
Training
title IEdroid: Detecting Malicious Android Network Behavior Using Incremental Ensemble of Ensembles
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-27T09%3A51%3A46IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_CHZPO&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=IEdroid:Detecting%20Malicious%20Android%20Network%20Behavior%20Using%20Incremental%20Ensemble%20of%20Ensembles&rft.btitle=2021%20IEEE%2027th%20International%20Conference%20on%20Parallel%20and%20Distributed%20Systems%20(ICPADS)&rft.au=Liu,%20Cong&rft.date=2021-12&rft.spage=788&rft.epage=795&rft.pages=788-795&rft.eissn=2690-5965&rft.coden=IEEPAD&rft_id=info:doi/10.1109/ICPADS53394.2021.00104&rft.eisbn=9781665408783&rft.eisbn_list=1665408782&rft_dat=%3Cieee_CHZPO%3E9763749%3C/ieee_CHZPO%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-i118t-c9aad040031ee7436379a0b926d7b524908893728222b34e23b6fcb81f0035ae3%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=9763749&rfr_iscdi=true