How online learning algorithms can help improve Android malware detection - Help Net Security


A group of researchers from Nanyang Technological University, Singapore, have created a novel solution for large-scale Android malware detection. It's called DroidOL, and it's an adaptive and scalable malware detection framework based on online learning.

"DroidOL achieves superior accuracy through extracting high quality features from inter-procedural control-flow graphs (ICFGs) of apps, which are known to be robust against evasion and obfuscation techniques adopted by malware," the researchers explained.

They used the Weisfeiler-Lehman (WL) graph kernel to extract semantic features from ICFGs, and then online learning to distinguish between benign and malicious apps. They attribute much of the success of their technique to the use of a scalable online learning classifier instead of batch-learning classifiers, which are not scalable.
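The pipeline described above, as an added sketch that is not DroidOL's code: WL relabeling turns each graph into a bag of subtree labels, and a linear model is updated one app at a time. The Passive-Aggressive (PA-I) update is an assumption, since the article does not name the online algorithm; the toy graphs and node labels are constructed, and only successor edges are used as the neighbourhood.

```python
import hashlib
from collections import Counter

def wl_features(labels, edges, iterations=2):
    """Bag of WL subtree labels for a directed graph (successor neighbourhoods only)."""
    succ = {n: [] for n in labels}
    for u, v in edges:
        succ[u].append(v)
    cur = dict(labels)
    feats = Counter(cur.values())
    for _ in range(iterations):
        # New label = hash(own label + sorted multiset of successor labels).
        cur = {n: hashlib.sha1((cur[n] + "|" + ",".join(sorted(cur[m] for m in succ[n])))
                               .encode()).hexdigest()[:12] for n in cur}
        feats.update(cur.values())
    return feats

class OnlinePA:
    """Passive-Aggressive (PA-I) linear classifier over sparse feature dicts (assumed algorithm)."""
    def __init__(self, C=1.0):
        self.C, self.w = C, {}
    def score(self, x):
        return sum(self.w.get(k, 0.0) * v for k, v in x.items())
    def predict(self, x):
        return 1 if self.score(x) > 0 else -1
    def update(self, x, y):
        loss = max(0.0, 1.0 - y * self.score(x))
        if loss > 0:  # update only when the margin is violated
            tau = min(self.C, loss / sum(v * v for v in x.values()))
            for k, v in x.items():
                self.w[k] = self.w.get(k, 0.0) + tau * y * v

# Constructed toy graphs: node labels stand in for per-block behaviour tags.
MAL = ({0: "entry", 1: "read_contacts", 2: "net_send"}, [(0, 1), (1, 2)])
BEN = ({0: "entry", 1: "ui_draw", 2: "file_write"}, [(0, 1), (1, 2)])
# Unseen app: same contacts->network path, plus an extra UI branch.
NEW = ({"a": "entry", "b": "read_contacts", "c": "net_send", "d": "ui_draw"},
       [("a", "b"), ("b", "c"), ("a", "d")])

def run_stream():
    clf, mistakes = OnlinePA(), 0
    for (labels, edges), y in [(MAL, 1), (BEN, -1)]:   # apps arrive one at a time
        x = wl_features(labels, edges)
        mistakes += clf.predict(x) != y                # predict first, then learn
        clf.update(x, y)
    return clf, mistakes

if __name__ == "__main__":
    clf, mistakes = run_stream()
    print("mistakes while learning:", mistakes)
    print("verdict on unseen app:", clf.predict(wl_features(*NEW)))
```

Because the features depend only on node labels and graph structure, renaming node identifiers leaves the feature vector unchanged, and each new sample costs one sparse update rather than a retrain over the whole corpus.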