WinDroid: A Novel Framework for Windows and Android Malware Family Classification Using Hierarchical Ensemble Support Vector Machines With Multiview Handcrafted and Deep Learning Features
IF 2.6 4区 计算机科学Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS
{"title":"WinDroid: A Novel Framework for Windows and Android Malware Family Classification Using Hierarchical Ensemble Support Vector Machines With Multiview Handcrafted and Deep Learning Features","authors":"K. Sundara Krishnan, S. Syed Suhaila","doi":"10.1049/ise2/8843518","DOIUrl":null,"url":null,"abstract":"<p>The rapid growth and diversification of malware variants, driven by advanced code obfuscation, evasion, and antianalysis techniques, present a significant threat to cybersecurity. The inadequacy of traditional methods in accurately classifying these evolving threats highlights the need for effective and robust malware classification techniques. This article presents WinDroid, a novel visualization-based framework for Windows and Android malware family (AMF) classification using hybrid features and hierarchical ensemble learning. The WinDroid system employs a multistage approach to malware classification, transforming binaries into Markov grayscale images, enhanced via contrast-limited-adaptive-histogram-equalization and gamma correction. Deep learning and handcrafted features are extracted and fuzed using graph attention networks (GATs), feeding into hierarchical support vector machines (SVMs) for accurate family classification. This framework effectively reduces information loss, enhances computational efficiency, and demonstrates outstanding performance. WinDroid delivers excellent results, achieving 99.53% accuracy on Windows and 99.65% on AMF classification, along with Cohen’s kappa coefficients of 99.01% and 99.28%, respectively, and outperforming state-of-the-art baseline methods.</p>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"2025 1","pages":""},"PeriodicalIF":2.6000,"publicationDate":"2025-09-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ietresearch.onlinelibrary.wiley.com/doi/epdf/10.1049/ise2/8843518","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IET Information Security","FirstCategoryId":"94","ListUrlMain":"https://ietresearch.onlinelibrary.wiley.com/doi/10.1049/ise2/8843518","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0
Abstract
The rapid growth and diversification of malware variants, driven by advanced code obfuscation, evasion, and antianalysis techniques, present a significant threat to cybersecurity. The inadequacy of traditional methods in accurately classifying these evolving threats highlights the need for effective and robust malware classification techniques. This article presents WinDroid, a novel visualization-based framework for Windows and Android malware family (AMF) classification using hybrid features and hierarchical ensemble learning. The WinDroid system employs a multistage approach to malware classification, transforming binaries into Markov grayscale images, enhanced via contrast-limited-adaptive-histogram-equalization and gamma correction. Deep learning and handcrafted features are extracted and fuzed using graph attention networks (GATs), feeding into hierarchical support vector machines (SVMs) for accurate family classification. This framework effectively reduces information loss, enhances computational efficiency, and demonstrates outstanding performance. WinDroid delivers excellent results, achieving 99.53% accuracy on Windows and 99.65% on AMF classification, along with Cohen’s kappa coefficients of 99.01% and 99.28%, respectively, and outperforming state-of-the-art baseline methods.
期刊介绍:
IET Information Security publishes original research papers in the following areas of information security and cryptography. Submitting authors should specify clearly in their covering statement the area into which their paper falls.
Scope:
Access Control and Database Security
Ad-Hoc Network Aspects
Anonymity and E-Voting
Authentication
Block Ciphers and Hash Functions
Blockchain, Bitcoin (Technical aspects only)
Broadcast Encryption and Traitor Tracing
Combinatorial Aspects
Covert Channels and Information Flow
Critical Infrastructures
Cryptanalysis
Dependability
Digital Rights Management
Digital Signature Schemes
Digital Steganography
Economic Aspects of Information Security
Elliptic Curve Cryptography and Number Theory
Embedded Systems Aspects
Embedded Systems Security and Forensics
Financial Cryptography
Firewall Security
Formal Methods and Security Verification
Human Aspects
Information Warfare and Survivability
Intrusion Detection
Java and XML Security
Key Distribution
Key Management
Malware
Multi-Party Computation and Threshold Cryptography
Peer-to-peer Security
PKIs
Public-Key and Hybrid Encryption
Quantum Cryptography
Risks of using Computers
Robust Networks
Secret Sharing
Secure Electronic Commerce
Software Obfuscation
Stream Ciphers
Trust Models
Watermarking and Fingerprinting
Special Issues. Current Call for Papers:
Security on Mobile and IoT devices - https://digital-library.theiet.org/files/IET_IFS_SMID_CFP.pdf