ALDROID: efficient update of Android anti-virus software using designated active learning methods

Nir Nissim, Robert Moskovitch, Oren BarAd, Lior Rokach, Yuval Elovici

Knowledge and Information Systems 49, 795-833, 2016

Many new, unknown malware applications aimed at compromising smartphones are created constantly. These widely used smartphones are very dependent on anti-virus solutions due to their limited resources. To update the anti-virus signature repository, anti-virus vendors must deal with vast quantities of new applications daily in order to identify new, unknown malware. Machine learning algorithms have been used to address this task, yet they must also be efficiently updated on a daily basis. To improve detection and updatability, we introduce a new framework, “ALDROID”, and the active learning (AL) methods on which ALDROID is based. Our methods are aimed at selecting only new informative applications (benign and especially malicious), thus reducing the labeling efforts of security experts and enabling a frequent and efficient process of enhancing the framework’s detection model and Android’s anti-virus software …