Unleash the Power for Tensor: A Hybrid Malware Detection System Using Ensemble Classifiers

Bibliographic Details
Published in: 2017 IEEE International Symposium on Parallel and Distributed Processing with Applications and 2017 IEEE International Conference on Ubiquitous Computing and Communications (ISPA IUCC), pp. 1130-1137
Main Authors: Hou, Jieqiong; Xue, Minhui; Qian, Haifeng
Format: Conference Proceeding
Language: English
Published: IEEE, 01.12.2017
DOI: 10.1109/ISPA/IUCC.2017.00170

Summary: The extensive growth of smartphones has spawned the propagation of malicious applications. Due to the increasing use of polymorphic malware, detection is becoming more difficult. To this end, ensemble learning has been proposed to improve accuracy in malware detection, without severely sacrificing time complexity. In this paper, we propose a hybrid detection system, TFBOOST, which incorporates the tensor filter algorithm into boosting ensemble generalization architecture, in order to improve detection efficacy. TFBOOST uses a static analysis to extract features and a level-by-level boosting structure with re-sampling process to diversify base learners. Experimental results show that TFBOOST generally outperforms state-of-the-art ensemble algorithms with higher detection precision and lower false positive rates. Finally, we visually interpret the high-level results of TFBOOST and conjecture that repackaged malware is the mainstay of potential malware.