Current browse context:
cs.LG
Change to browse by:
References & Citations
Computer Science > Cryptography and Security
Title: Towards a Fair Comparison and Realistic Evaluation Framework of Android Malware Detectors based on Static Analysis and Machine Learning
(Submitted on 25 May 2022 (v1), last revised 6 Oct 2022 (this version, v2))
Abstract: As in other cybersecurity areas, machine learning (ML) techniques have emerged as a promising solution to detect Android malware. In this sense, many proposals employing a variety of algorithms and feature sets have been presented to date, often reporting impresive detection performances. However, the lack of reproducibility and the absence of a standard evaluation framework make these proposals difficult to compare. In this paper, we perform an analysis of 10 influential research works on Android malware detection using a common evaluation framework. We have identified five factors that, if not taken into account when creating datasets and designing detectors, significantly affect the trained ML models and their performances. In particular, we analyze the effect of (1) the presence of duplicated samples, (2) label (goodware/greyware/malware) attribution, (3) class imbalance, (4) the presence of apps that use evasion techniques and, (5) the evolution of apps. Based on this extensive experimentation, we conclude that the studied ML-based detectors have been evaluated optimistically, which justifies the good published results. Our findings also highlight that it is imperative to generate realistic experimental scenarios, taking into account the aforementioned factors, to foster the rise of better ML-based Android malware detection solutions.
Submission history
From: Borja Molina-Coronado [view email][v1] Wed, 25 May 2022 08:28:08 GMT (260kb,D)
[v2] Thu, 6 Oct 2022 09:51:53 GMT (925kb,D)
Link back to: arXiv, form interface, contact.