Exploring Feature Extraction and ELM in Malware Detection for Android Devices

The sharp increase in mobile malware poses a serious threat to Internet security as the adoption of mobile devices, especially Android devices, soars. A variety of research has been directed at defending against malware, yet mobile device users continue to suffer private information leaks and economic losses from it. Recently, many methods have been proposed that combine static or dynamic feature analysis with machine learning, and these are considered effective for detecting malware on mobile devices. In this paper, we propose an effective framework for detecting malware on Android devices based on feature extraction and a neural network classifier. In this framework, we use static features to represent malware and use the extreme learning machine (ELM) algorithm to train the neural network. We first extract features from the malware, and then apply three different feature extraction methods, principal component analysis (PCA), the Karhunen-Loeve transform (KLT) and independent component analysis (ICA), to transform the feature matrix into new feature spaces, generating three new feature matrices. For each feature matrix, we construct En base classifiers using ELM. Finally, we use the Stacking method to combine the results. Experimental results suggest that the proposed framework is effective in detecting malware on Android devices.
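
The pipeline described in the abstract, narrowed to its PCA branch, as an added example that is not code from the paper: static feature vectors are projected with PCA, several ELM base classifiers are trained on the projection, and a stacking combiner merges their scores. The binary feature layout, sigmoid activation, hidden-layer size, ridge term, linear combiner and all function names are assumptions; the KLT and ICA branches are omitted.

```python
import numpy as np

def make_apps(rng, n, d=30):
    # Constructed data: one row per app, one column per binary static feature.
    # Assumption: the first 10 features are common in malware, rare in benign apps.
    y = rng.integers(0, 2, n)
    p = np.full((n, d), 0.3)
    p[:, :10] = np.where(y[:, None] == 1, 0.9, 0.1)
    X = (rng.random((n, d)) < p).astype(float)
    return X, 2.0 * y - 1.0                      # labels: +1 malware, -1 benign

def pca_fit(X, k):
    # Principal axes from the SVD of the centred feature matrix.
    mean = X.mean(axis=0)
    _, _, vt = np.linalg.svd(X - mean, full_matrices=False)
    return mean, vt[:k].T

def ridge(A, t, lam=1e-2):
    # Regularised least squares, used for ELM output weights and the combiner.
    return np.linalg.solve(A.T @ A + lam * np.eye(A.shape[1]), A.T @ t)

class ELM:
    def __init__(self, rng, d_in, hidden=40):
        self.W = rng.normal(size=(d_in, hidden))  # random input weights, never trained
        self.b = rng.normal(size=hidden)
    def _h(self, Z):
        return 1.0 / (1.0 + np.exp(-(Z @ self.W + self.b)))
    def fit(self, Z, t):
        self.beta = ridge(self._h(Z), t)          # only the output layer is solved
        return self
    def score(self, Z):
        return self._h(Z) @ self.beta

def run(seed=0, n_base=5, k=5):
    rng = np.random.default_rng(seed)
    Xa, ta = make_apps(rng, 200)                  # fits PCA and the base ELMs
    Xb, tb = make_apps(rng, 100)                  # held out to fit the stacking combiner
    Xt, tt = make_apps(rng, 100)                  # test set
    mean, P = pca_fit(Xa, k)
    proj = lambda X: (X - mean) @ P
    bases = [ELM(rng, k).fit(proj(Xa), ta) for _ in range(n_base)]
    level1 = lambda X: np.column_stack(
        [b.score(proj(X)) for b in bases] + [np.ones(len(X))])
    w = ridge(level1(Xb), tb)                     # meta-learner over base scores
    pred = np.sign(level1(Xt) @ w)
    return float((pred == tt).mean())             # test accuracy
```

The combiner is fitted on apps the base classifiers never saw, so it does not simply reward whichever base ELM overfits the training split.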
