
A stacking-based classification approach to Android malware using host-level encrypted traffic
Author(s) -
Zhixing Xue,
Weiiu,
Xixuan Ren,
Jie Li,
Xiaosong Zhang,
Ruidong Chen
Publication year - 2021
Publication title - Journal of Physics: Conference Series
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.21
H-Index - 85
eISSN - 1742-6596
pISSN - 1742-6588
DOI - 10.1088/1742-6596/2024/1/012049
Subject(s) - malware, computer science, random forest, android (operating system), support vector machine, android malware, encryption, machine learning, artificial intelligence, cluster analysis, data mining, computer security, operating system
In recent years, smartphones have been developing fast. Android, a mobile platform that is convenient and open to all, has attracted a larger audience than any of its counterparts. However, mobile devices are frequently attacked by malware, which calls for malware detection. Currently, studies of Android malware detection based on ensemble learning are lacking. In this work, we propose a model to detect Android malware. The model takes the encrypted traffic that the malware generates as input. Through clustering, the model removes the third-party traffic and retains the purity of the first-party traffic. The model extracts traffic features to construct a host-level traffic fingerprint and classifies the malware through stacking-based ensemble learning. We use the publicly available dataset CICAndMal2017 to build the classification model. This dataset successfully classifies malware into different categories. In the controlled experiments we use SVM and Random Forest models. The results show that our model is significantly more accurate in classifying malware than the SVM and Random Forest models, with an accuracy rate of 96.7% in the optimal condition.