MFEMDroid: A Novel Malware Detection Framework Using Combined Multitype Features and Ensemble Modeling
The continuous malicious attacks on Internet of Things devices pose a potential threat to the economic and private information security of end-users, especially on the dominant Android devices. Combining static analysis methods with deep learning is a promising approach to defend against that. This...
Main Authors: | Wei Gu, Hongyan Xing, Tianhao Hou |
---|---|
Format: | Article |
Language: | English |
Published: | Hindawi-IET 2024-01-01 |
Series: | IET Information Security |
Online Access: | http://dx.doi.org/10.1049/2024/2850804 |
_version_ | 1797295812056711168 |
---|---|
author | Wei Gu Hongyan Xing Tianhao Hou |
collection | DOAJ |
description | The continuous malicious attacks on Internet of Things devices pose a potential threat to the economic and private information security of end-users, especially on the dominant Android devices. Combining static analysis methods with deep learning is a promising approach to defend against that. This kind of method has two limitations: the first is that the current single-permission mechanism is not insufficient to regulate interapplication resource acquisition; another problem is that current work on feature learning is dedicated to modifying a single network structure, which may result in a suboptimal solution. In this study, to solve the abovementioned problems, we propose a novel malware detection framework MFEMDroid, which combines multitype features analysis and ensemble modeling. The Provider feature, facilitating information requests between applications (apps) and serving as an indispensable data storage method, plays a vital role in characterizing app behavior. Hence, we extract permissions and Provider features to comprehensively characterize app behavior and probe potentially dangerous combinations between or within these features. To address oversparse datasets and reduce feature learning overhead, we employ an auto-encoder for feature dimensionality reduction. Furthermore, we design an ensemble network based on SENet, ResNet, and the evolutionary convolutional neural network Squeeze Excitation Residual Network (SEResNet) to explore the hidden associations between different types of features from multiple perspectives. We performed extensive experiments to evaluate its method performance on real-world samples. The evaluation results demonstrate that the proposed framework can detect malware with an accuracy of 95.38%, which is much better than state-of-the-art solutions. These promising experimental results show that MFEMDroid is an effective approach to detect Android malware. |
first_indexed | 2024-03-07T21:54:22Z |
format | Article |
id | doaj.art-7d4561a613634a2fb4c7cc81ab254013 |
institution | Directory Open Access Journal |
issn | 1751-8717 |
language | English |
last_indexed | 2024-03-07T21:54:22Z |
publishDate | 2024-01-01 |
publisher | Hindawi-IET |
record_format | Article |
series | IET Information Security |
title | MFEMDroid: A Novel Malware Detection Framework Using Combined Multitype Features and Ensemble Modeling |
url | http://dx.doi.org/10.1049/2024/2850804 |