Unraveling the Key of Machine Learning Solutions for Android Malware Detection
- URL: http://arxiv.org/abs/2402.02953v1
- Date: Mon, 5 Feb 2024 12:31:19 GMT
- Title: Unraveling the Key of Machine Learning Solutions for Android Malware Detection
- Authors: Jiahao Liu, Jun Zeng, Fabio Pierazzi, Lorenzo Cavallaro, Zhenkai Liang
- Abstract summary: This paper presents a comprehensive investigation into machine learning-based Android malware detection.
We first survey the literature, categorizing contributions into a taxonomy based on the Android feature engineering and ML modeling pipeline.
Then, we design a general-purpose framework for ML-based Android malware detection, re-implement 12 representative approaches from different research communities, and evaluate them from three primary dimensions, i.e. effectiveness, robustness, and efficiency.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Android malware detection serves as the front line against malicious apps.
With the rapid advancement of machine learning (ML), ML-based Android malware
detection has attracted increasing attention due to its capability of
automatically capturing malicious patterns from Android APKs. These
learning-driven methods have reported promising results in detecting malware.
However, the absence of an in-depth analysis of current research progress makes
it difficult to gain a holistic picture of the state of the art in this area.
This paper presents a comprehensive investigation to date into ML-based
Android malware detection with empirical and quantitative analysis. We first
survey the literature, categorizing contributions into a taxonomy based on the
Android feature engineering and ML modeling pipeline. Then, we design a
general-purpose framework for ML-based Android malware detection, re-implement
12 representative approaches from different research communities, and evaluate
them from three primary dimensions, i.e., effectiveness, robustness, and
efficiency. The evaluation reveals that ML-based approaches still face open
challenges and provides insightful findings like more powerful ML models are
not the silver bullet for designing better malware detectors. We further
summarize our findings and put forth recommendations to guide future research.
Related papers
- AppPoet: Large Language Model based Android malware detection via multi-view prompt engineering
AppPoet is a multi-view system for Android malware detection.
Our method achieves a detection accuracy of 97.15% and an F1 score of 97.21%.
(2024-04-29T15:52:45Z)
- Vulnerability of Machine Learning Approaches Applied in IoT-based Smart Grid: A Review
Machine learning (ML) sees an increasing prevalence of being used in the internet-of-things (IoT)-based smart grid.
Adversarial distortion injected into the power signal will greatly affect the system's normal control and operation.
It is imperative to conduct vulnerability assessment for MLsgAPPs applied in the context of safety-critical power systems.
(2023-08-30T03:29:26Z)
- On building machine learning pipelines for Android malware detection: a procedural survey of practices, challenges and opportunities
As the smartphone market leader, Android has been a prominent target for malware attacks.
For market holders and researchers, in particular, the large number of samples has made manual malware detection unfeasible.
While some of the proposed approaches achieve high performance, rapidly evolving Android malware has made them unable to maintain their accuracy over time.
(2023-06-12T13:52:28Z)
- Unleashing Mask: Explore the Intrinsic Out-of-Distribution Detection Capability
Out-of-distribution (OOD) detection is an indispensable aspect of secure AI when deploying machine learning models in real-world applications.
We propose a novel method, Unleashing Mask, which aims to restore the OOD discriminative capabilities of the well-trained model with ID data.
Our method utilizes a mask to figure out the memorized atypical samples, and then finetune the model or prune it with the introduced mask to forget them.
(2023-06-06T14:23:34Z)
- DRSM: De-Randomized Smoothing on Malware Classifier Providing Certified Robustness
We develop a certified defense, DRSM (De-Randomized Smoothed MalConv), by redesigning the de-randomized smoothing technique for the domain of malware detection.
Specifically, we propose a window ablation scheme to provably limit the impact of adversarial bytes while maximally preserving local structures of the executables.
We are the first to offer certified robustness in the realm of static detection of malware executables.
(2023-03-20T17:25:22Z)
- Towards a Fair Comparison and Realistic Design and Evaluation Framework of Android Malware Detectors
We analyze 10 influential research works on Android malware detection using a common evaluation framework.
We identify five factors that, if not taken into account when creating datasets and designing detectors, significantly affect the trained ML models.
We conclude that the studied ML-based detectors have been evaluated optimistically, which justifies the good published results.
(2022-05-25T08:28:08Z)
- Fast & Furious: Modelling Malware Detection as Evolving Data Streams
Malware is a major threat to computer systems and imposes many challenges to cyber security.
In this work, we evaluate the impact of concept drift on malware classifiers for two Android datasets.
(2022-05-24T18:43:40Z)
- Mate! Are You Really Aware? An Explainability-Guided Testing Framework for Robustness of Malware Detectors
We propose an explainability-guided and model-agnostic testing framework for robustness of malware detectors.
We then use this framework to test several state-of-the-art malware detectors' abilities to detect manipulated malware.
Our findings shed light on the limitations of current malware detectors, as well as how they can be improved.
(2021-11-19T08:02:38Z)
- Deep Learning for Android Malware Defenses: a Systematic Literature Review
Malicious applications (especially in the Android platform) are a serious threat to developers and end-users.
Deep learning techniques to thwart the attack of Android malware have recently gained considerable research attention.
Yet, there exists no systematic literature review that focuses on deep learning approaches for Android Malware defenses.
(2021-03-09T08:33:08Z)
- Why an Android App is Classified as Malware? Towards Malware Classification Interpretation
We propose a novel and interpretable ML-based approach (named XMal) to classify malware with high accuracy and explain the classification result.
XMal hinges on multi-layer perceptron (MLP) and attention mechanism, and also pinpoints the key features most related to the classification result.
Our study peeks into the interpretable ML through the research of Android malware detection and analysis.
(2020-04-24T03:05:09Z)