EC2: Ensemble Clustering and Classification for Predicting Android Malware Families
- Submitting institution
- King's College London
- Unit of assessment
- 11 - Computer Science and Informatics
- Output identifier
- 126663697
- Type
- D - Journal article
- DOI
- 10.1109/TDSC.2017.2739145
- Title of journal
- IEEE Transactions on Dependable and Secure Computing
- Article number
- 8013726
- First page
- 262
- Volume
- 17
- Issue
- 2
- ISSN
- 1545-5971
- Open access status
- Deposit exception
- Month of publication
- August
- Year of publication
- 2017
- URL
-
-
- Supplementary information
-
-
- Request cross-referral to
- -
- Output has been delayed by COVID-19
- No
- COVID-19 affected output statement
- -
- Forensic science
- No
- Criminology
- No
- Interdisciplinary
- No
- Number of additional authors
- 2
- Research group(s)
-
-
- Citation count
- 7
- Proposed double-weighted
- No
- Reserve for an output with double weighting
- No
- Additional information
- Malware family classification literature focuses on clustering malware with many examples, ignoring rare/unseen families. The introduced EC2 algorithm overcomes this great limitation. EC2 can detect with high accuracy *both* large and small families—even if previously unseen (zero-day families). A crucial aspect is that EC2 boosts clustering through classification in an entirely novel way, outperforming similar ensemble attempts in ML literature. Comparative experiments on two large malware datasets show that EC2 strongly outperforms several state-of-the-art solutions from a wide spectrum of approaches. EC2 is general and can be immediately used also in other domains which present highly skewed class distributions.
- Author contribution statement
- -
- Non-English
- No
- English abstract
- -