How online learning algorithms can help improve Android malware detection
A group of researchers from Nanyang Technological University, Singapore, have created a novel solution for large-scale Android malware detection.
It’s called DroidOL, and it’s an adaptive and scalable malware detection framework based on online learning.
“DroidOL achieves superior accuracy through extracting high quality features from inter-procedural control-flow graphs (ICFGs) of apps, which are known to be robust against evasion and obfuscation techniques adopted by malware,” the researchers explained.
They used the Weisfeiler-Lehman (WL) graph kernel to extract semantic features from ICFGs, and finally, online learning to distinguish between benign and malicious apps.
They attribute much of the success of their technique to the use of a scalable online learning classifier instead of batch-learning classifiers, which are not scalable.
The model is continuously retrained, and ultimately it considerably outperforms solutions based on the machine learning techniques that predominate on various platforms, Android included.
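The pipeline described above (ICFG, WL graph-kernel features, online classifier) can be illustrated with a small worked example. The code below is an added illustration and is not DroidOL's own code: the ICFGs are constructed toy chains of abstract API/control labels, the WL refinement keeps relabelled neighbourhoods as explicit strings instead of hashed integers, and a passive-aggressive (PA-I) learner stands in for whatever online classifier the paper uses. The point it shows is that each app is processed once as it arrives (predict, then update), so there is no periodic re-training over the full history as a batch learner would need.

```python
from collections import Counter
from typing import Dict, List, Tuple

# Constructed toy ICFG: node id -> (node label, successor node ids).
# Labels abstract app code into API categories and control operations.
Graph = Dict[str, Tuple[str, List[str]]]


def wl_features(graph: Graph, iterations: int = 2) -> Counter:
    """Weisfeiler-Lehman subtree features.

    At step 0 every node contributes its own label; at each later step a node's
    label becomes (own label | sorted successor labels), so identical local
    control-flow neighbourhoods map to identical features across apps.
    The feature vector is the multiset of all labels seen at all steps."""
    labels = {n: lbl for n, (lbl, _) in graph.items()}
    feats = Counter(f"0:{l}" for l in labels.values())
    for step in range(1, iterations + 1):
        new_labels = {}
        for n, (_, succ) in graph.items():
            neigh = ",".join(sorted(labels[s] for s in succ))  # order-independent
            new_labels[n] = f"({labels[n]}|{neigh})"
        labels = new_labels
        feats.update(f"{step}:{l}" for l in labels.values())
    return feats


class PassiveAggressive:
    """Online linear classifier (PA-I) over sparse dict features.

    Each example is seen exactly once: score it, take the hinge loss against
    the true label, and move the weights just far enough to fix that example.
    y = +1 means malicious, y = -1 means benign."""

    def __init__(self, C: float = 1.0):
        self.C = C
        self.w: Dict[str, float] = {}

    def score(self, x: Counter) -> float:
        return sum(self.w.get(f, 0.0) * v for f, v in x.items())

    def predict(self, x: Counter) -> int:
        return 1 if self.score(x) >= 0 else -1

    def update(self, x: Counter, y: int) -> float:
        loss = max(0.0, 1.0 - y * self.score(x))
        if loss > 0:
            tau = min(self.C, loss / sum(v * v for v in x.values()))
            for f, v in x.items():
                self.w[f] = self.w.get(f, 0.0) + tau * y * v
        return loss


def make_chain(labels: List[str]) -> Graph:
    """Build a straight-line ICFG n0 -> n1 -> ... from a list of node labels."""
    return {
        f"n{i}": (lbl, [f"n{i + 1}"] if i + 1 < len(labels) else [])
        for i, lbl in enumerate(labels)
    }


# Constructed sample apps (hypothetical label names, not real detections).
BENIGN_1 = make_chain(["entry", "ui:findViewById", "ui:setText", "return"])
BENIGN_2 = make_chain(["entry", "ui:findViewById", "net:openConnection", "return"])
MAL_1 = make_chain(["entry", "tel:getDeviceId", "sms:sendTextMessage", "return"])
MAL_2 = make_chain(["entry", "tel:getDeviceId", "net:openConnection",
                    "sms:sendTextMessage", "return"])
STREAM = [(BENIGN_1, -1), (MAL_1, 1), (BENIGN_2, -1), (MAL_2, 1)]


def train_online(stream, iterations: int = 2):
    """Standard online protocol: predict each arriving app, count mistakes,
    then update. Returns the model and the number of online mistakes."""
    clf = PassiveAggressive()
    mistakes = 0
    for g, y in stream:
        x = wl_features(g, iterations)
        if clf.predict(x) != y:
            mistakes += 1
        clf.update(x, y)
    return clf, mistakes


def classify(clf: PassiveAggressive, graph: Graph, iterations: int = 2) -> int:
    return clf.predict(wl_features(graph, iterations))


if __name__ == "__main__":
    model, errs = train_online(STREAM)
    print("online mistakes:", errs)
    unseen = make_chain(["entry", "tel:getDeviceId", "sms:sendTextMessage",
                         "ui:setText", "return"])
    print("unseen app:", "malicious" if classify(model, unseen) == 1 else "benign")
```

The stream here is tiny, so the learner makes its two mistakes on the first benign and first malicious app (when the weights are all zero or one-sided) and then classifies the rest correctly, including a held-out chain that shares the IMEI-then-SMS neighbourhood with the malicious training samples. In a real deployment the same loop keeps running as new apps are labelled, which is what lets an online detector track drift without re-training over the whole corpus.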
“In a large-scale comparative analysis with more than 87,000 apps, DroidOL achieves 84.29% accuracy outperforming two state-of-the-art malware techniques by more than 20% in their typical batch learning setting and more than 3% when they are continuously re-trained,” the researchers noted.
“Our experimental findings strongly indicate that online learning based approaches are highly suitable for real-world malware detection.”
As Android malware has been booming in the last few years and its capabilities have grown tremendously, effective techniques for spotting it are much needed.
More details about DroidOL can be found in this paper.