Android Malware Classification: Updating Features Through Incremental Learning Approach(UFILA)

Abstract

Exponential growth of the use of connected objects, in particular of smartphones, is the consequence of the digitization of services. All types of applications, from the least critical to the most critical are available on mobile devices through mobile applications. The daily penetration of mobile applications in widely used devices brings certain threats. We find in the software repositories malwares and good application at the same time, which is a major cybersecurity problem. To resolve this problem, machine learning approaches have been proposed in the literature for the detection of malware in general and Android malicious applications in particular. Obfuscation techniques are used by developers to hide malicious applications that implies the need to update Android malware detection models. But many approaches in the literature are more focus on data than features. Hence our contribution is an incremental learning approach capable of detecting Android malware. We propose through UFILA approach an updating of features for the detection and classification of android malware by adding new features. We evaluated 13 classification algorithms and chose four most efficient algorithms to implement our approach. The results obtained by our approach surpass several malware detection approaches in the literature. The values of the metrics obtained respectively by the Accuracy, the precision, the recall and an F1-Score are 99%, 99%,98.6 %98%.