Context-aware, Adaptive and Scalable Android Malware Detection through Online Learning (extended version)
It is well-known that Android malware constantly evolves so as to evade
detection. This causes the entire malware population to be non-stationary.
Contrary to this fact, most of the prior works on Machine Learning based
Android malware detection have assumed that the distribution of the observed
malware characteristics (i.e., features) does not change over time. In this
work, we address the problem of malware population drift and propose a novel
online learning based framework to detect malware, named CASANDRA
(Context-aware, Adaptive and Scalable ANDRoid mAlware detector). In order to
perform accurate detection, a novel graph kernel that facilitates capturing
apps' security-sensitive behaviors along with their context information from
dependency graphs is proposed. Besides being accurate and scalable, CASANDRA
has two specific advantages: i) it adapts to the evolution of malware features
over time; ii) it explains the significant features that led to an app's
classification as malicious or benign. In a large-scale comparative
analysis, CASANDRA outperforms two state-of-the-art techniques on a benchmark
dataset achieving 99.23% F-measure. When evaluated with more than 87,000 apps
collected in-the-wild, CASANDRA achieves 89.92% accuracy, outperforming
existing techniques by more than 25% in their typical batch learning setting
and by more than 7% when they are continuously retrained, while maintaining
comparable efficiency.
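To make the abstract's central point concrete, here is an added illustration (not CASANDRA's code, and a plain linear learner rather than its graph kernel): a constructed app stream whose malware indicators drift between two eras, scored by a batch perceptron frozen after the first era and by an online one that keeps learning. The feature names and the drift are assumptions invented for the example.

```python
from typing import Dict, List, Tuple

Sample = Tuple[Dict[str, int], int]  # (binary feature vector, +1 malware / -1 benign)

def make_stream() -> List[Sample]:
    """Constructed stream (not real app data): 200 early-era apps, where
    premium-SMS sending marks malware, then 200 late-era apps, where malware
    has dropped SMS, shows ads like benign apps and loads code dynamically."""
    early = [({"net.socket": 1, "sms.premium": m, "ui.ads": 1 - m}, 1 if m else -1)
             for i in range(200) for m in [i % 2]]
    late = [({"net.socket": 1, "ui.ads": 1, "dex.dynamic": m}, 1 if m else -1)
            for i in range(200) for m in [i % 2]]
    return early + late

class OnlinePerceptron:
    """Linear model updated one labelled app at a time (mistake-driven)."""
    def __init__(self) -> None:
        self.w: Dict[str, float] = {}
        self.b = 0.0
    def predict(self, x: Dict[str, int]) -> int:
        return 1 if sum(self.w.get(f, 0.0) * v for f, v in x.items()) + self.b > 0 else -1
    def update(self, x: Dict[str, int], y: int) -> None:
        if self.predict(x) != y:  # perceptron rule: shift weights towards the true label
            for f, v in x.items():
                self.w[f] = self.w.get(f, 0.0) + y * v
            self.b += y
    def explain(self, k: int = 2) -> List[str]:
        """Features currently pushing hardest towards 'malware', for analyst review."""
        return [f for f, _ in sorted(self.w.items(), key=lambda kv: -kv[1])[:k]]

def run_experiment() -> Dict[str, object]:
    stream = make_stream()
    early, late = stream[:200], stream[200:]
    batch = OnlinePerceptron()  # batch setting: trained once on the early era, then frozen
    for _ in range(3):
        for x, y in early:
            batch.update(x, y)
    batch_late_acc = sum(batch.predict(x) == y for x, y in late) / len(late)
    online, hits = OnlinePerceptron(), [0, 0]  # prequential: predict, then learn from the label
    for i, (x, y) in enumerate(stream):
        hits[i >= 200] += online.predict(x) == y
        online.update(x, y)
    return {"batch_late_acc": batch_late_acc, "online_early_acc": hits[0] / 200,
            "online_late_acc": hits[1] / 200, "top_features": online.explain()}

if __name__ == "__main__":
    print(run_experiment())
```

The frozen model never saw `dex.dynamic` and scores every late-era app as benign (50% accuracy), while the online model recovers after a handful of mistakes and its top-weighted feature now names the new indicator.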