Android Malware Detection: Feature Update Using Incremental Learning Approach: Further Investigation of UFILA

Abstract

Several kinds of mobile applications are available on platforms offering various services to users. Both malware and good applications are found in software repositories, which is a major cybersecurity problem. To address this problem, machine learning approaches have been proposed in the literature for the detection of malware in general and malicious Android applications in particular. But obfuscation techniques are used by some developers to hide malicious applications, which implies the need to update Android malware detection models. In the literature few works are focused on updating features. Our contribution is therefore an incremental learning approach capable of detecting Android malware by taking into account both static and dynamic features. We propose through the UFILA approach an updated feature set for Android malware detection and classification by adding new features. We evaluated 13 classification algorithms and selected the four most effective algorithms to implement our approach. The results obtained by our approach outperform several malware detection approaches in the literature. Our approach allows to detect malicious android applications based on static and dynamic features with feature updating. It also allows to efficiently classify the different classes.