IEEE Trans Cybern. 2019 Feb;49(2):453-466. doi: 10.1109/TCYB.2017.2777960. Epub 2018 Jan 3.
Android malware has continued to grow in volume and complexity posing significant threats to the security of mobile devices and the services they enable. This has prompted increasing interest in employing machine learning to improve Android malware detection. In this paper, we present a novel classifier fusion approach based on a multilevel architecture that enables effective combination of machine learning algorithms for improved accuracy. The framework (called DroidFusion), generates a model by training base classifiers at a lower level and then applies a set of ranking-based algorithms on their predictive accuracies at the higher level in order to derive a final classifier. The induced multilevel DroidFusion model can then be utilized as an improved accuracy predictor for Android malware detection. We present experimental results on four separate datasets to demonstrate the effectiveness of our proposed approach. Furthermore, we demonstrate that the DroidFusion method can also effectively enable the fusion of ensemble learning algorithms for improved accuracy. Finally, we show that the prediction accuracy of DroidFusion, despite only utilizing a computational approach in the higher level, can outperform stacked generalization, a well-known classifier fusion method that employs a meta-classifier approach in its higher level.
安卓恶意软件的数量和复杂性持续增长,对移动设备及其所支持的服务的安全构成了重大威胁。这促使人们越来越有兴趣利用机器学习来提高安卓恶意软件检测的准确性。在本文中,我们提出了一种新的基于多层次架构的分类器融合方法,能够有效地结合机器学习算法,以提高准确性。该框架(称为 DroidFusion)通过在较低层次上训练基础分类器生成模型,然后在较高层次上应用一组基于排序的算法来评估它们的预测准确性,以得出最终的分类器。所得到的多层次 DroidFusion 模型可以用作改进安卓恶意软件检测准确性的预测器。我们在四个独立的数据集上进行了实验,以验证我们所提出的方法的有效性。此外,我们还证明,DroidFusion 方法还可以有效地融合集成学习算法以提高准确性。最后,我们表明,尽管在较高层次上仅使用计算方法,DroidFusion 的预测准确性仍可以优于堆叠泛化,后者是一种著名的分类器融合方法,在较高层次上使用元分类器方法。