Your browser does not support JavaScript!

High accuracy android malware detection using ensemble learning

High accuracy android malware detection using ensemble learning

For access to this article, please select a purchase option:

Buy article PDF
(plus tax if applicable)
Buy Knowledge Pack
10 articles for $120.00
(plus taxes if applicable)

IET members benefit from discounts to all IET publications and free access to E&T Magazine. If you are an IET member, log in to your account and the discounts will automatically be applied.

Learn more about IET membership 

Recommend Title Publication to library

You must fill out fields marked with: *

Librarian details
Your details
Why are you recommending this title?
Select reason:
IET Information Security — Recommend this title to your library

Thank you

Your recommendation has been sent to your librarian.

With over 50 billion downloads and more than 1.3 million apps in Google's official market, Android has continued to gain popularity among smartphone users worldwide. At the same time there has been a rise in malware targeting the platform, with more recent strains employing highly sophisticated detection avoidance techniques. As traditional signature-based methods become less potent in detecting unknown malware, alternatives are needed for timely zero-day discovery. Thus, this study proposes an approach that utilises ensemble learning for Android malware detection. It combines advantages of static analysis with the efficiency and performance of ensemble machine learning to improve Android malware detection accuracy. The machine learning models are built using a large repository of malware samples and benign apps from a leading antivirus vendor. Experimental results and analysis presented shows that the proposed method which uses a large feature space to leverage the power of ensemble learning is capable of 97.3–99% detection accuracy with very low false positive rates.


    1. 1)
    2. 2)
      • 36., AccessedOctober 2014.
    3. 3)
      • 24. Peng, H., Gates, C., Sarma, B., et al: ‘Using probabilistic generative models for ranking risks of Android apps’. Proc. of the 19th ACM Conf. on Computer and Communications Security (CCS 2012), Raleigh, NC, USA, October 2012, pp. 241252.
    4. 4)
    5. 5)
      • 11. Mann, C., Starostin, A.: ‘A framework for static detection of privacy leaks in android applications’. Proc. 27th Annual ACM Symp. on Applied Computing (SAC'12), Trento, Italy, March 2012, pp. 14571462.
    6. 6)
      • 17. Chen, Y., Narayanan, A., Pang, S., Tao, B.: ‘Malicious software detection using multiple sequence alignment and data mining’. 26th IEEE Int. Conf. on Advanced Information Networking and Applications AINA 2012, 2012.
    7. 7)
    8. 8)
      • 14. Chan, P.P.F., Hui, L.C.K., Yiu, S.M.: ‘DroidChecker: analyzing android applications for capability leak’. Proc. Fifth ACM Conf. on Security and Privacy in Wirelessand Mobile Networks (WISEC'12), Tucson, AZ, USA, April 2012, pp. 125136.
    9. 9)
      • 23. Sarma, B., Gates, C., Li, N., Potharaju, R., Nita-Rotaru, C., Molloy, I.: ‘Android permissions: a perspective combining risks and benefits’. Proc. 17th ACM Symp. on Access Control Models and Technologies, (SACMAT'12), June 2012, pp. 1322.
    10. 10)
      • 9. Gibler, C., Crussell, J., Erickson, J., Chen, H.: ‘AndroidLeaks: automatically detecting potential privacy leaks in android applications on a large scale’. Proc. Fifth Int. Conf. on Trust and Trustworthy Computing (TRUST 2012), Vienna, Austria, June 2012, pp. 291307.
    11. 11)
      • 15. Schultz, M.G., Eskin, E., Zadok, E., Stolfo, S.J.: ‘Data mining methods for detection of new malicious executables’. Proc. 2001 IEEE Symp. on Security and Privacy, (SP‘01), Oakland, CA, USA, May 2001, pp. 3849.
    12. 12)
      • 19. Muttik, I.: ‘Malware mining’. Proc. 21st Virus Bulletin Int. Conf., VB2011, Barcelona, Spain, 5–7 October 2011.
    13. 13)
      • 29. Zhao, M., Ge, F., Zhang, T., Yuan, Z.: ‘Antimaldroid: ‘An efficient svm based malware detection framework for android’, in Zhao, M., Ge, F., Zhang, T., Yuan, Z. (Eds.): ‘Communications in computer and information science’ (Springer, 2011), vol. 243, pp. 158166.
    14. 14)
      • 33. Hastie, T., Tibshirani, R., Freidman, J.: ‘The elements of statistical learning’ (Springer, 2001).
    15. 15)
      • 21. Sahs, J., Khan, L.: ‘A machine learning approach to android malware detection’. Proc. of European Intelligence and Security Informatics Conf., Odense, Denmark, August 2012, pp. 141147.
    16. 16)
      • 26. Schmidt, A.-D., Bye, R., Schmidt, H.-G., et al: ‘Static analysis of executables for collaborative malware detection on Android’. IEEE Int. Conf. on Communications (ICC'09), Dresden, Germany, June 2009, pp. 15.
    17. 17)
    18. 18)
      • 30. Burguera, I., Zurutuza, U., Nadjm-Tehrani, S.: ‘Crowdroid: behavior-based malware detection system for Android’. Proc. First ACM Workshop on Security and Privacy in Smartphones and Mobile devices (SPSM'11), New York, USA, 2011, pp. 1526.
    19. 19)
    20. 20)
      • 13. Chin, E., Felt, A.P., Greenwood, K., Wagner, D.: ‘Analyzing inter-application communication in android’. Proc. Ninth Int. Conf. on Mobile Systems, Applications, and Services (MobiSys'11). ACM, Washington, DC, USA, June 2011, pp. 239252.
    21. 21)
      • 31. Enck, W., Gilbert, P., Chun, B., et al: ‘Taintdroid: an information-flow tracking system for real time privacy monitoring on smartphones’. Proc. Ninth USENIX Conf. on Operating Systems Design and Implementation, USENIX2010, pp. 16.
    22. 22)
      • 27. Shabtai, A., Elovici, Y.: ‘Applying behavioral detection on android based devices’. MOBILWARE, 2010, pp. 235249.
    23. 23)
      • 22. Sanz, B., Santos, I., Laorden, C., Ugarte-Pedro, X., Bringas, P.G., Alvarez, G.: ‘PUMA: permission usage to detect malware in android’. Int. Joint Conf. CISIS'12-ICEUTÉ12-SOCO'12 Special Sessions, in Advances in Intelligent Systems and Computing, vol. 189, pp. 289298.
    24. 24)
      • 5. Oberheide, J., Miller, C.: ‘Dissecting the Android Bouncer’. SummerCon 2012, Brooklyn, NY, USA, June 2012.
    25. 25)
    26. 26)
      • 16. Wang, T.-Y., Wu, C.-H., Hsieh, C.-C.: ‘A virus prevention model based on static analysis and data mining methods’. Proc. IEEE Eighth Int. Conf. on Computer and Information Technology Workshops, Sydney, July 2008, pp. 288293.
    27. 27)
      • 6. Grace, M., Zhou, Y., Zhang, Q., Zou, S., Jiang, X.: ‘RiskRanker: scalable and accurate zero-day android malware detection’. Proc. Tenth Int. Conf. on Mobile Systems, Applications, and Services (MobiSys'12) ACM, Lake District, UK, June 2012, pp. 281294.
    28. 28)
    29. 29)
      • 8. Batyuk, L., Herpich, M., Camtepe, S.A., Raddatz, K., Schmidt, A., Albayrak, S.: ‘Using static analysis for automatic assessment and mitigation of unwanted and malicious activities within android applications’. Sixth Int. Conf. on Malicious and Unwanted Software (MALWARE 2011), Fajardo, PR, USA, October 2011, pp. 6672.
    30. 30)
      • 37. Witten, H.I., Frank, E., Hall, M.A.: ‘Data Mining: practical machine learning tools and techniques’ (Morgan Kaufmann, 2011, 3rd edn.).
    31. 31)
    32. 32)
      • 25. Dong-Jie, W., Ching-Hao, M., Te-En, W., Hahn-Ming, L., Kuo-Ping, W.: ‘DroidMat: Android malware detection through manifest and API calls tracing’. Proc. Seventh Asia Joint Conf. on Information Security (Asia JCIS), 2012, pp. 6269.
    33. 33)
      • 7. Wei, X., Gomez, L., Neamtiu, I., Faloutsos, M.: ‘ProfileDroid: multi-layer profiling of android applications’. Proc. 18th Int. Conf. on Mobile Computing and Networking (Mobicom'12). Istanbul, Turkey, August 2012, pp. 137148.
    34. 34)
      • 32., AccessedOctober 2014.
    35. 35)
      • 1. Zhou, Y., Jiang, X.: ‘Dissecting android malware: Characterization and evolution’. Proc. IEEE Symp. on Security and Privacy (SP), San Fransisco, CA, USA, May 2012, pp. 95109.
    36. 36)
      • 12. Bläsing, T., Batyuk, L., Schmidt, A.-D., Camtepe, S.A., Albayrak, S.: ‘An android application sandbox system for suspicious software detection’. Fifth Int. Conf. on Malicious and Unwanted Software (MALWARE 2010), Nancy, France, October 2010, pp. 5562.
    37. 37)
      • 40. Cover, T.M., Thomas, J.A.: ‘Elements of information theory’ (Wiley, 1991).
    38. 38)
    39. 39)
      • 20. Yerima, S.Y., Sezer, S., McWilliams, G., Muttik, I.: ‘A new android malware detection approach using bayesian classification’. Proc. 27th IEEE int. Conf. on Advanced Information Networking and Applications (AINA 2013), Barcelona, Spain, 2013.
    40. 40)
      • 4. Oberheide, J., Cooke, E., Jahanian, F.: ‘Cloudav: N-version antivirus in the network cloud’. Proc. 17th USENIX Security Symp. (Security'08), San Jose, CA, July 2008, pp. 91106.
    41. 41)
      • 10. Kim, J., Yoon, Y., Yi, K., Shin, J.: ‘SCANDAL: static analyzer for detecting privacy leaks in android applications’. Mobile Security Technologies, MoST 2012, San Francisco, May 2012.

Related content

This is a required field
Please enter a valid email address