Android Malware Classification using XGBoost based on Images Patterns

With the rapid development of the mobile Internet, mobile terminals have gradually become basic national information equipment. As the most popular mobile operating system, Android has many extremely serious security issues. In our work, we extracted the dex file from Android malware and visualized it as an image in order to extract features. Drawing on a massive set of Android apps, we used XGBoost as the classification model in our experiments. Compared with KNN, ET and GBDT, XGBoost achieved the best classification results, reaching 99.14% accuracy and 99.10% recall. Experimental results on a malware set containing 10 families demonstrate that XGBoost performs excellently for Android malware classification.
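The dex-to-image step described above can be sketched as follows. This is an added example, not the paper's code. The abstract does not give the image width or the features used, so the 64-pixel row width and the 8 x 8 grid of mean grey levels are assumptions, as are all function names. The resulting fixed-length vectors are the kind of input a tree classifier such as XGBoost takes.

```python
import io
import struct
import zipfile

def read_dex(apk_bytes, name="classes.dex"):
    """Pull one dex entry out of an APK (a ZIP archive) and sanity-check its header."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        data = apk.read(name)
    # A dex header is 0x70 bytes: magic "dex\n" + version, and file_size at 0x20.
    if len(data) < 0x70 or data[:4] != b"dex\n":
        raise ValueError(f"{name}: not a dex file")
    if struct.unpack_from("<I", data, 0x20)[0] != len(data):
        raise ValueError(f"{name}: header file_size does not match entry length")
    return data

def dex_to_image(dex, width=64):
    """One byte -> one grey pixel (0-255), row-major; the last row is zero-padded."""
    rows = -(-len(dex) // width)  # ceiling division
    padded = dex.ljust(rows * width, b"\x00")
    return [list(padded[r * width:(r + 1) * width]) for r in range(rows)]

def thumbnail_features(image, size=8):
    """Assumed feature step: mean grey level of each cell in a size x size grid."""
    rows, cols = len(image), len(image[0])
    feats = []
    for i in range(size):
        r0 = i * rows // size
        r1 = max((i + 1) * rows // size, r0 + 1)
        for j in range(size):
            c0 = j * cols // size
            c1 = max((j + 1) * cols // size, c0 + 1)
            cell = [image[r][c] for r in range(r0, r1) for c in range(c0, c1)]
            feats.append(sum(cell) / len(cell))
    return feats

def make_apk(dex):
    """Wrap bytes as classes.dex inside an in-memory ZIP (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", dex)
    return buf.getvalue()

def sample_dex(size=1000):
    """Constructed, non-functional dex: valid magic and file_size, patterned body."""
    dex = bytearray(b"dex\n035\x00") + bytes((i * 7) % 256 for i in range(size - 8))
    struct.pack_into("<I", dex, 0x20, size)
    return bytes(dex)

if __name__ == "__main__":
    image = dex_to_image(read_dex(make_apk(sample_dex())))
    print(len(image), "x", len(image[0]), "->", len(thumbnail_features(image)), "features")
```

Because every sample is reduced to the same grid, dex files of different sizes yield vectors of equal length, which is what lets them be stacked into one training matrix.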
