MalDetect: A classifier fusion approach for detection of android malware

Abstract

Android has been a significant target of malware applications due to the exponential growth of mobile devices. This may result in severe threats to Android users such as financial loss, information leakage etc. The security of smartphones has encouraged the researchers in applying machine learning techniques to enhance the Android malware detection rate as the traditional approaches are not effective in distinguishing unknown malware. In recent years, many malicious apps have been detected on Android devices using machine learning based approaches. The problem with these detection systems is that they give a high false positive and false negative rate. Therefore, it is imperative to develop methods for better identifying and classifying malware. The main contribution of this paper is to improve the classification accuracy by fusing the base classifiers. This paper proposes a fusion approach named as MalDetect that enables an effective combination of machine learning techniques to improve the identification rate of malware. The proposed approach is based on the base classifiers and a set of ranking algorithms defined on their predictive error rate. The purpose of this method is to improve the detection rate of Android malware. Two datasets i.e. Drebin and AndroMD are used to illustrate the effectiveness of the proposed approach. Experimental results show that the proposed approach performs better than the individual base classifiers and traditional ensemble learning techniques for identifying Android malware. Further, the proposed approach is compared with the renowned Stacking ensemble technique that uses a meta-classifier. From the experimental outcomes, it is found that the weighted F-measure obtained from the Stacking for Drebin and AndroMD datasets is 0.9811 and 0.9775 respectively whereas the weighted F-measure acquired from the proposed approach is 0.9857 and 0.9790 respectively.