Meta-learning for multi-family Android malware classification

With the emergence of smartphones, Android has become a widely used mobile operating system. However, it is vulnerable when encountering various types of attacks. Every day, new malware threatens the security of users' devices and private data. Many methods have been proposed to classify malici...

Bibliographic Details
Main Authors: LI, Yao, YUAN, Dawei, ZHANG, Tao, CAI, Haipeng, LO, David, GAO, Cuiyun, LUO, Xiapu, JIANG, He
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2024
Subjects:
Online Access: https://ink.library.smu.edu.sg/sis_research/9429
https://ink.library.smu.edu.sg/context/sis_research/article/10429/viewcontent/3664806_pvoa_cc_by.pdf
Institution: Singapore Management University
id sg-smu-ink.sis_research-10429
record_format dspace
spelling sg-smu-ink.sis_research-10429 2024-10-25T08:34:06Z Meta-learning for multi-family Android malware classification LI, Yao YUAN, Dawei ZHANG, Tao CAI, Haipeng LO, David GAO, Cuiyun LUO, Xiapu JIANG, He
2024-09-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/9429 info:doi/10.1145/3664806 https://ink.library.smu.edu.sg/context/sis_research/article/10429/viewcontent/3664806_pvoa_cc_by.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Android malware family meta-learning classification Information Security Software Engineering
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic Android
malware family
meta-learning
classification
Information Security
Software Engineering
description With the emergence of smartphones, Android has become a widely used mobile operating system. However, it is vulnerable when encountering various types of attacks. Every day, new malware threatens the security of users' devices and private data. Many methods have been proposed to classify malicious applications, utilizing static or dynamic analysis for classification. However, previous methods still suffer from unsatisfactory performance due to two challenges. First, they are unable to address the imbalanced data distribution problem, leading to poor performance for malware families with few members. Second, they are unable to address the zero-day malware (zero-day malware refers to malicious applications that exploit unknown vulnerabilities) classification problem. In this article, we introduce an innovative meta-learning approach for multi-family Android malware classification named Meta-MAMC, which uses meta-learning technology to learn meta-knowledge (i.e., the similarities and differences among different malware families) of few-family samples and combines new sampling algorithms to solve the above challenges. Meta-MAMC integrates (i) the meta-knowledge contained within the dataset to guide models in learning to identify unknown malware; and (ii) more accurate and diverse tasks based on novel sampling strategies, as well as directly adapting metalearning to a new few-sample and zero-sample task to classify families. We have evaluated Meta-MAMC on two popular datasets and a corpus of real-world Android applications. The results demonstrate its efficacy in accurately classifying malicious applications belonging to certain malware families, even achieving 100% classification in some families.
format text
author LI, Yao
YUAN, Dawei
ZHANG, Tao
CAI, Haipeng
LO, David
GAO, Cuiyun
LUO, Xiapu
JIANG, He
title Meta-learning for multi-family Android malware classification