On the Application of Active Learning to Handle Data Evolution in Android Malware Detection

Alejandro Guerra-Manzanares; Bahsi Hayretdin

doi:10.1007/978-3-031-36574-4_15

On the Application of Active Learning to Handle Data Evolution in Android Malware Detection

Alejandro Guerra-Manzanares, Bahsi Hayretdin

School of Computer Science

Research output: Chapter in Book/Conference proceeding › Conference contribution › peer-review

1 Citation (Scopus)

Abstract

Mobile malware detection remains a significant challenge in the rapidly evolving cyber threat landscape. Although the research about the application of machine learning methods to this problem has provided promising results, still, maintaining continued success at detecting malware in operational environments depends on holistically solving challenges regarding the feature variations of malware apps that occur over time and the high costs associated with data labeling. The present study explores the adaptation of the active learning approach for inducing detection models in a non-stationary setting and shows that this approach provides high detection performance with a minimal set of labeled data for a long time when the uncertainty-based sampling strategy is applied. The models that are induced using dynamic, static and hybrid features of mobile malware are compared against baseline approaches. Although active learning has been adapted to many problem domains, it has not been explored in mobile malware detection extensively, especially for non-stationary settings.

Original language	English
Title of host publication	Digital Forensics and Cyber Crime - 13th EAI International Conference, ICDF2C 2022, Proceedings
Editors	Sanjay Goel, Akatyev Nikolay, Daryl Johnson, Pavel Gladyshev, George Markowsky
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	256-273
Number of pages	18
ISBN (Print)	9783031365737
DOIs	https://doi.org/10.1007/978-3-031-36574-4_15
Publication status	Published - 2023
Event	13th EAI International Conference on Digital Forensics and Cyber Crime, ICDF2C 2022 - Boston, United States Duration: 16 Nov 2022 → 18 Nov 2022

Publication series

Name	Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Volume	508 LNICST
ISSN (Print)	1867-8211
ISSN (Electronic)	1867-822X

Conference

Conference	13th EAI International Conference on Digital Forensics and Cyber Crime, ICDF2C 2022
Country/Territory	United States
City	Boston
Period	16/11/22 → 18/11/22

Keywords

active learning
Android
concept drift
data evolution
malware detection
mobile malware

ASJC Scopus subject areas

Computer Networks and Communications

Access to Document

10.1007/978-3-031-36574-4_15

Cite this

Guerra-Manzanares, A., & Hayretdin, B. (2023). On the Application of Active Learning to Handle Data Evolution in Android Malware Detection. In S. Goel, A. Nikolay, D. Johnson, P. Gladyshev, & G. Markowsky (Eds.), Digital Forensics and Cyber Crime - 13th EAI International Conference, ICDF2C 2022, Proceedings (pp. 256-273). (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 508 LNICST). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-36574-4_15

Guerra-Manzanares, Alejandro ; Hayretdin, Bahsi. / On the Application of Active Learning to Handle Data Evolution in Android Malware Detection. Digital Forensics and Cyber Crime - 13th EAI International Conference, ICDF2C 2022, Proceedings. editor / Sanjay Goel ; Akatyev Nikolay ; Daryl Johnson ; Pavel Gladyshev ; George Markowsky. Springer Science and Business Media Deutschland GmbH, 2023. pp. 256-273 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST).

@inproceedings{a707e6e23c6049dbb7efbd1a1006ea38,

title = "On the Application of Active Learning to Handle Data Evolution in Android Malware Detection",

abstract = "Mobile malware detection remains a significant challenge in the rapidly evolving cyber threat landscape. Although the research about the application of machine learning methods to this problem has provided promising results, still, maintaining continued success at detecting malware in operational environments depends on holistically solving challenges regarding the feature variations of malware apps that occur over time and the high costs associated with data labeling. The present study explores the adaptation of the active learning approach for inducing detection models in a non-stationary setting and shows that this approach provides high detection performance with a minimal set of labeled data for a long time when the uncertainty-based sampling strategy is applied. The models that are induced using dynamic, static and hybrid features of mobile malware are compared against baseline approaches. Although active learning has been adapted to many problem domains, it has not been explored in mobile malware detection extensively, especially for non-stationary settings.",

keywords = "active learning, Android, concept drift, data evolution, malware detection, mobile malware",

author = "Alejandro Guerra-Manzanares and Bahsi Hayretdin",

note = "Publisher Copyright: {\textcopyright} ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2023.; 13th EAI International Conference on Digital Forensics and Cyber Crime, ICDF2C 2022 ; Conference date: 16-11-2022 Through 18-11-2022",

year = "2023",

doi = "10.1007/978-3-031-36574-4_15",

language = "English",

isbn = "9783031365737",

series = "Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "256--273",

editor = "Sanjay Goel and Akatyev Nikolay and Daryl Johnson and Pavel Gladyshev and George Markowsky",

booktitle = "Digital Forensics and Cyber Crime - 13th EAI International Conference, ICDF2C 2022, Proceedings",

address = "Germany",

}

Guerra-Manzanares, A & Hayretdin, B 2023, On the Application of Active Learning to Handle Data Evolution in Android Malware Detection. in S Goel, A Nikolay, D Johnson, P Gladyshev & G Markowsky (eds), Digital Forensics and Cyber Crime - 13th EAI International Conference, ICDF2C 2022, Proceedings. Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST, vol. 508 LNICST, Springer Science and Business Media Deutschland GmbH, pp. 256-273, 13th EAI International Conference on Digital Forensics and Cyber Crime, ICDF2C 2022, Boston, United States, 16/11/22. https://doi.org/10.1007/978-3-031-36574-4_15

On the Application of Active Learning to Handle Data Evolution in Android Malware Detection. / Guerra-Manzanares, Alejandro; Hayretdin, Bahsi.
Digital Forensics and Cyber Crime - 13th EAI International Conference, ICDF2C 2022, Proceedings. ed. / Sanjay Goel; Akatyev Nikolay; Daryl Johnson; Pavel Gladyshev; George Markowsky. Springer Science and Business Media Deutschland GmbH, 2023. p. 256-273 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 508 LNICST).

Research output: Chapter in Book/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - On the Application of Active Learning to Handle Data Evolution in Android Malware Detection

AU - Guerra-Manzanares, Alejandro

AU - Hayretdin, Bahsi

N1 - Publisher Copyright: © ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2023.

PY - 2023

Y1 - 2023

N2 - Mobile malware detection remains a significant challenge in the rapidly evolving cyber threat landscape. Although the research about the application of machine learning methods to this problem has provided promising results, still, maintaining continued success at detecting malware in operational environments depends on holistically solving challenges regarding the feature variations of malware apps that occur over time and the high costs associated with data labeling. The present study explores the adaptation of the active learning approach for inducing detection models in a non-stationary setting and shows that this approach provides high detection performance with a minimal set of labeled data for a long time when the uncertainty-based sampling strategy is applied. The models that are induced using dynamic, static and hybrid features of mobile malware are compared against baseline approaches. Although active learning has been adapted to many problem domains, it has not been explored in mobile malware detection extensively, especially for non-stationary settings.

AB - Mobile malware detection remains a significant challenge in the rapidly evolving cyber threat landscape. Although the research about the application of machine learning methods to this problem has provided promising results, still, maintaining continued success at detecting malware in operational environments depends on holistically solving challenges regarding the feature variations of malware apps that occur over time and the high costs associated with data labeling. The present study explores the adaptation of the active learning approach for inducing detection models in a non-stationary setting and shows that this approach provides high detection performance with a minimal set of labeled data for a long time when the uncertainty-based sampling strategy is applied. The models that are induced using dynamic, static and hybrid features of mobile malware are compared against baseline approaches. Although active learning has been adapted to many problem domains, it has not been explored in mobile malware detection extensively, especially for non-stationary settings.

KW - active learning

KW - Android

KW - concept drift

KW - data evolution

KW - malware detection

KW - mobile malware

UR - http://www.scopus.com/inward/record.url?scp=85212263620&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-36574-4_15

DO - 10.1007/978-3-031-36574-4_15

M3 - Conference contribution

AN - SCOPUS:85212263620

SN - 9783031365737

T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST

SP - 256

EP - 273

BT - Digital Forensics and Cyber Crime - 13th EAI International Conference, ICDF2C 2022, Proceedings

A2 - Goel, Sanjay

A2 - Nikolay, Akatyev

A2 - Johnson, Daryl

A2 - Gladyshev, Pavel

A2 - Markowsky, George

PB - Springer Science and Business Media Deutschland GmbH

T2 - 13th EAI International Conference on Digital Forensics and Cyber Crime, ICDF2C 2022

Y2 - 16 November 2022 through 18 November 2022

ER -

Guerra-Manzanares A, Hayretdin B. On the Application of Active Learning to Handle Data Evolution in Android Malware Detection. In Goel S, Nikolay A, Johnson D, Gladyshev P, Markowsky G, editors, Digital Forensics and Cyber Crime - 13th EAI International Conference, ICDF2C 2022, Proceedings. Springer Science and Business Media Deutschland GmbH. 2023. p. 256-273. (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST). doi: 10.1007/978-3-031-36574-4_15

On the Application of Active Learning to Handle Data Evolution in Android Malware Detection

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this