CrowdNet: Identifying Large-Scale Malicious Attacks over Android Kernel Structures

Abstract

While malicious attacks in Android devices are growing, machine learning-based malware prediction has become time-consuming and space-consuming. Open-source parallel frameworks for massive data processing can efficiently deal with iterative machine learning tasks based on their distributed computation and in-memory abstraction, but the performance of category validation actually degrades over Android kernel features in taskstruct. In this paper, to thoroughly investigate Android kernel behaviors, we first present a kernel feature based framework, CrowdNet, for cloud computing platforms. CrowdNet includes an automatic data provider that collects footprints of kernel features and a parallel malware predictor that validates Android malicious behaviors. Then we calculate and select hidden centers by a heuristic approach for 12,750 Android applications to reduce the number of iterations and time complexity. Our experimental results show that CrowdNet protects large-scale data validation and speeds up the learning of kernel behaviors twofold. Further, identifying malicious attacks with CrowdNet improves the classification efficiency compared to traditional neural network and other machine learning techniques.