An Improved Ensemble Based Machine Learning Technique for Efficient Malware Classification

  • Farwa Maqbool Hussain
  • Farhan Hassan Khan
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1198)


Android smartphones have become an emerging technology due to widespread adoption. The widely used Android devices allow installation of apps and grant privileges to access confidential information from the phone, which has made them a target for malware developers. The dramatic rise in the number of attacks has created interest in building a robust system that automatically identifies the presence of malicious behavior in Android applications. Previous malware detection studies comprised static and dynamic analysis techniques, extreme learning machines and virtual machine introspection, which have a few shortcomings in detecting data outflow, such as high computational and performance cost, low accuracy, and high false positive rates. The proposed approach overcomes the problems of static and dynamic techniques in malware detection. The novel classification approach senses all kinds of source-code and application behaviors. The proposed technique scans the keywords of manifest.xml files for malicious items. By enhancing the manifest.xml feature, the proposed technique can reduce app scan time compared to previously proposed malware detection frameworks. This technique also improves the security of Android users.


Keywords: Android; Malware detection; Machine learning



Copyright information

© Springer Nature Singapore Pte Ltd. 2020

Authors and Affiliations

  1. Department of Computer Science and Software Engineering, IIUI, Islamabad, Pakistan
  2. Knowledge and Data Science Research Centre (KDRC), College of Electrical and Mechanical Engineering (CEME), National University of Sciences and Technology (NUST), Islamabad, Pakistan
