With its open architecture, Android has always been seen by threat actors as a boon for creating and distributing malware. One security vendor estimates as much as 20 per cent of Android apps on the market have malware.
Security vendors already use a number of techniques to detect Android malware, including artificial neural networks, but at the annual Conference on Knowledge Discovery and Data Mining (KDD 2017), being held this year in Halifax, researchers from the U.S. and Hong Kong say they have created a machine learning technique that could push detection to almost 100 per cent.
The researchers say the technique could help vendor and enterprise analysts cut down the amount of time needed to recognize Android malware.
The idea is to use algorithms to analyze the relationships between API calls in Android apps, because those calls can represent behaviours. This isn’t new. What is new is the structured heterogeneous information network — or HIN — used to depict the relationships between apps and APIs. Briefly, similarities between apps can be defined by different metapaths through that network, and these paths can be automatically weighted by a multi-kernel learning algorithm for malware detection.
The researchers, from West Virginia University and Hong Kong University of Science and Technology, dub their algorithm HinDroid.
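To make the metapath idea concrete, here is an added toy example in Python; it is not the researchers' code. Two metapaths between apps, App-API-App (shared API calls) and App-API-Package-API-App (calls into the same package), each give a similarity kernel, and a leave-one-out grid search over the kernel weights stands in for the multi-kernel learning step. The app data, the package grouping of APIs and the weight search are all assumptions of the example.

```python
from itertools import product

# Constructed sample: each app maps to the set of API calls extracted from it.
# Labels: 0 = benign, 1 = malware. (Assumed data, not HinDroid's dataset.)
APPS = {
    "benign_1": {"android.app.Activity.onCreate", "android.widget.Toast.makeText",
                 "android.widget.Button.setText"},
    "benign_2": {"android.app.Activity.onCreate", "android.widget.TextView.setText",
                 "android.view.View.setOnClickListener"},
    "mal_1": {"android.telephony.SmsManager.sendTextMessage",
              "android.telephony.TelephonyManager.getDeviceId", "android.app.Activity.onCreate"},
    "mal_2": {"android.telephony.SmsManager.sendTextMessage",
              "android.telephony.TelephonyManager.getSubscriberId", "android.widget.Toast.makeText"},
}
LABELS = {"benign_1": 0, "benign_2": 0, "mal_1": 1, "mal_2": 1}

def package(api):
    """'android.telephony.SmsManager.sendTextMessage' -> 'android.telephony' (assumed grouping)."""
    return api.rsplit(".", 2)[0]

def sim_shared_api(apis_a, apis_b):
    """Metapath App->API->App: number of API calls the two apps share."""
    return len(apis_a & apis_b)

def sim_shared_package(apis_a, apis_b):
    """Metapath App->API->Package->API->App: number of (api_a, api_b) pairs in the same package."""
    return sum(package(x) == package(y) for x, y in product(apis_a, apis_b))

KERNELS = (sim_shared_api, sim_shared_package)

def combined_sim(apis_a, apis_b, weights):
    """Weighted sum of the metapath kernels (the multi-kernel combination)."""
    return sum(w * k(apis_a, apis_b) for w, k in zip(weights, KERNELS))

def predict(apis, weights, train):
    """Compare mean combined similarity to benign vs. malicious training apps; ties go to malware."""
    means = []
    for label in (0, 1):
        group = [n for n in train if LABELS[n] == label]
        means.append(sum(combined_sim(apis, APPS[n], weights) for n in group) / len(group))
    return 0 if means[0] > means[1] else 1

def learn_weights(grid=(0.0, 0.5, 1.0)):
    """Stand-in for multi-kernel learning: pick the metapath weights with the best
    leave-one-out accuracy on the training apps. Returns (weights, accuracy)."""
    best = ((0.0, 0.0), -1.0)
    for weights in product(grid, repeat=len(KERNELS)):
        if not any(weights):
            continue
        hits = sum(predict(APPS[n], weights, [m for m in APPS if m != n]) == LABELS[n] for n in APPS)
        if hits / len(APPS) > best[1]:
            best = (weights, hits / len(APPS))
    return best

if __name__ == "__main__":
    w, acc = learn_weights()
    unknown = {"android.telephony.SmsManager.sendTextMessage", "android.app.Activity.onCreate"}
    print("weights", w, "LOO accuracy", acc, "unknown app ->", predict(unknown, w, list(APPS)))
```

With only the shared-API metapath the leave-one-out accuracy is 0.75 because a benign app ties with the malware; giving the package metapath any weight resolves it, which is the point of learning the weights rather than fixing them.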
According to a paper to be presented at the conference on Tuesday, with tuning HinDroid had a 98.6 per cent recognition rate in the lab. By comparison, in tests with identical malware samples, other techniques that use extracted API calls, including artificial neural networks (ANN), naive Bayes (NB), decision trees (DT) and support vector machines (SVM), had recognition rates varying from 88.6 per cent to 95.2 per cent.
The research was in part funded by New Jersey-based security vendor Comodo Group, which is testing the technique for possible use in its cloud-based enterprise mobile security service. “I am quite hopeful we will be using it in a very short time,” Fatih Orhan, vice-president of the company’s Threat Labs, said in an interview. A similar technique for detecting Windows malware is already being used in production, he said.
The paper is being presented at the annual Conference on Knowledge Discovery and Data Mining (KDD 2017), being held this year in Halifax. Last year over 2,700 researchers from universities and industry participated in the conference.
The Android malware paper was written by Yanfang Ye, an assistant professor in the department of computer science and electrical engineering at West Virginia University; Shifu Hou, one of her students; and Yangqiu Song, assistant professor in the department of computer science and engineering at Hong Kong University of Science and Technology and a former assistant professor at WVU.
In an interview Ye said she has been working on intelligent malware detection for almost a decade, including time spent at Comodo as a principal scientist before she joined the university. Song’s speciality is data mining and learning algorithms, including work on heterogeneous information networks. When he came to WVU in 2105 he talked to Ye about how their work might come together to improve malware detection.
A wide range of papers will be presented at the conference. For example,
–researchers at Toronto’s York University and the University of Connecticut will propose a data mining framework to help the financial sector calculate the valuation of large portfolios of variable annuity contracts, which are tax-deferred retirement vehicles;
–Yu Zheng of Microsoft Research, who is also editor-in-chief of ACM Transactions on Intelligent Systems and Technology, will talk on enabling intelligent cities with AI and big data including environmental protection and urban planning;
–researchers from SAS Institute will show how a multi-task learning regression framework can be used to predict Parkinson’s disease progression;
–researchers from Hebrew University of Jerusalem and Carnegie Mellon University will present a paper looking at combining crowdsourcing and recurrent neural networks to extract knowledge from descriptions in large idea repositories, like patent applications. Briefly, people searching through such repositories could discover solutions to similar problems they are trying to solve;
–one paper from University of Illinois and U.S. Army researchers proposes a way for early detection of significant events (such as a protest or disaster) to help disaster control or crime monitoring. The technique leverages multimodal embeddings of the location, time and text to achieve accurate online local event detection, improving on the current state-of-the-art method from 36.8 per cent to 80.4 per cent.