An improved Android malware detection scheme based on an evolving hybrid neuro-fuzzy classifier (EHNFC) and permission-based features

The increasing number of Android devices and users has been attracting the attention of different types of attackers. Malware authors create new versions of malware from previous ones by implementing code obfuscation techniques. Obfuscated malware is potentially contributed to the exponential increase in the number of generated malware variants. Detection of obfuscated malware is a continuous challenge because it can easily evade the signature-based malware detectors, and behaviour-based detectors are not able to detect them accurately. Therefore, an efficient technique for obfuscated malware detection in Android-based smartphones is needed. In the literature on Android malware classification, few malware detection approaches are designed with the capability of detecting obfuscated malware. However, these malware detection approaches were not equipped with the capacity to improve their performance by learning and evolving their malware detection rules. Based on the concept of evolving soft computing systems, this paper proposes an evolving hybrid neuro-fuzzy classifier (EHNFC) for Android malware classification using permission-based features. The proposed EHNFC not only has the capability of detecting obfuscated malware using fuzzy rules, but can also evolve its structure by learning new malware detection fuzzy rules to improve its detection accuracy when used in detection of more malware applications. To this end, an evolving clustering method for adapting and evolving malware detection fuzzy rules was modified to incorporate an adaptive procedure for updating the radii and centres of clustered permission-based features. This modification to the evolving clustering method enhances cluster convergence and generates rules that are better tailored to the input data, hence improving the classification accuracy of the proposed EHNFC. The experimental results for the proposed EHNFC show that the proposal outperforms several state-of-the-art obfuscated malware classification approaches in terms of false negative rate (0.05) and false positive rate (0.05). The results also demonstrate that the proposal detects the Android malware better than other neuro-fuzzy systems (viz., the adaptive neuro-fuzzy inference system and the dynamic evolving neuro-fuzzy system) in terms of accuracy (90%).