Journal of Systems Engineering and Electronics ›› 2024, Vol. 35 ›› Issue (1): 163-177.doi: 10.23919/JSEE.2024.000018

• SYSTEMS ENGINEERING • Previous Articles    

DCEL: classifier fusion model for Android malware detection

Xiaolong XU1,*(), Shuai JIANG2(), Jinbo ZHAO2(), Xinheng WANG3()   

  1. 1 Jiangsu Key Laboratory of Big Data Security & Intelligent Processing, Nanjing University of Posts and Telecommunications, Nanjing 210023, China
    2 School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, China
    3 School of Computing and Engineering, University of West London, London W5 5RF, UK
  • Received:2021-12-16 Online:2024-02-18 Published:2024-03-05
  • Contact: Xiaolong XU E-mail:xuxl@njupt.edu.cn;1018041226@njupt.edu.cn;2021070705@njupt.edu.cn;xinheng.wang@uwl.ac.uk
  • About author:
    XU Xiaolong was born in 1977. He received his B.S. degree in computer and its applications, M.S. degree in computer software and theories and Ph.D. degree in communications and information systems at Nanjing University of Posts & Telecommunications, Nanjing, China, in 1999, 2002 and 2008, respectively. He worked as a postdoctoral researcher at Station of Electronic Science and Technology, Nanjing University of Posts & Telecommunications from 2011 to 2013. He is currently a professor in College of Computer, Nanjing University of Posts & Telecommunications. His current research interests include cloud computing and big data and information security. E-mail: xuxl@njupt.edu.cn

    JIANG Shuai was born in 1995. He received his B.E. degree in computer science and technology from Nanjing University of Posts and Telecommunications, Nanjing, China, in 2018. He is currently working as a researcher for Jiangsu Key Laboratory of Big Data Security & Intelligent Processing, Nanjing, China. His research interests include big data mining and information security. E-mail: 1018041226@njupt.edu.cn

    ZHAO Jinbo was born in 1999. He received his B.E. degree in Internet of Things engineering from Nanjing University of Posts and Telecommunications, Nanjing, China, in 2021. He is currently working for his Ph.D. degree in information network at Nanjing University of Posts and Telecommunications. His research interests include artificial intelligence and its application. E-mail: 2021070705@njupt.edu.cn

    WANG Xinheng was born in 1968. He received his B.E. and M.S. degrees in electrical engineering from Xi’an Jiaotong University, Xi’an, China, in 1991 and 1994, respectively, and Ph.D. degree in computing and electronics from Brunel University, Uxbridge, U.K., in 2001. He is currently a professor of networks with the School of Computing and Engineering, University of West London, London, U.K. His current research interests include wireless networks, Internet of Things, converged indoor positioning, cloud computing, and applications of wireless and computing technologies for health care. E-mail: xinheng.wang@uwl.ac.uk
  • Supported by:
    This work was supported by the National Natural Science Foundation of China (62072255).

Abstract:

The rapid growth of mobile applications, the popularity of the Android system and its openness have attracted many hackers and even criminals, who are creating lots of Android malware. However, the current methods of Android malware detection need a lot of time in the feature engineering phase. Furthermore, these models have the defects of low detection rate, high complexity, and poor practicability, etc. We analyze the Android malware samples, and the distribution of malware and benign software in application programming interface (API) calls, permissions, and other attributes. We classify the software’s threat levels based on the correlation of features. Then, we propose deep neural networks and convolutional neural networks with ensemble learning (DCEL), a new classifier fusion model for Android malware detection. First, DCEL preprocesses the malware data to remove redundant data, and converts the one-dimensional data into a two-dimensional gray image. Then, the ensemble learning approach is used to combine the deep neural network with the convolutional neural network, and the final classification results are obtained by voting on the prediction of each single classifier. Experiments based on the Drebin and Malgenome datasets show that compared with current state-of-art models, the proposed DCEL has a higher detection rate, higher recall rate, and lower computational cost.

Key words: Android malware detection, deep learning, ensemble learning, model fusion