MFEMDroid: A Novel Malware Detection Framework Using Combined Multitype Features and Ensemble Modeling

Abstract

The continuous malicious attacks on Internet of Things devices pose a potential threat to the economic and private information security of end-users, especially on the dominant Android devices. Combining static analysis methods with deep Learning is a promising approach to defend against that. This kind of method has two limitations: the first is that the current single-permission mechanism is not insufficient to regulate interapplication resource acquisition; another problem is that current work on feature learning is dedicated to modifying a single network structure, which may result in a suboptimal solution. In this study, to solve the abovementioned problems, we propose a novel malware detection framework MFEMDroid, which combines multitype features analysis and ensemble modeling. The Provider feature, facilitating information requests between applications (apps) and serving as an indispensable data storage method, plays a vital role in characterizing app behavior. Hence, we extract permissions and Provider features to comprehensively characterize app behavior and probe potentially dangerous combinations between or within these features. To address oversparse datasets and reduce feature learning overhead, we employ an auto-encoder for feature dimensionality reduction. Furthermore, we design an ensemble network based on SENet, ResNet, and the evolutionary convolutional neural network Squeeze Excitation Residual Network (SEResNet) to explore the hidden associations between different types of features from multiple perspectives. We performed extensive experiments to evaluate its method performance on real-world samples. The evaluation results demonstrate that the proposed framework can detect malware with an accuracy of 95.38%, which is much better than state-of-the-art solutions. These promising experimental results show that MFEMDroid is an effective approach to detect Android malware.