ThreatIntel-Andro: Expert-Verified Benchmarking for Robust Android Malware Research

• URL: http://arxiv.org/abs/2510.16835v1
• Date: Sun, 19 Oct 2025 13:51:27 GMT
• Title: ThreatIntel-Andro: Expert-Verified Benchmarking for Robust Android Malware Research
• Authors: Hongpeng Bai, Minhong Dong, Yao Zhang, Shunzhe Zhao, Haobo Zhang, Lingyue Li, Yude Bai, Guangquan Xu,
• Abstract summary: Real-time Android malware datasets are a critical foundation for effective detection and defense.<n>Traditional datasets, such as VirusTotal's multi-engine aggregation results, exhibit significant limitations.<n> automated labeling tools (e.g., AVClass2) suffer from suboptimal aggregation strategies.
• Score: 12.287399657700824
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: The rapidly evolving Android malware ecosystem demands high-quality, real-time datasets as a foundation for effective detection and defense. With the widespread adoption of mobile devices across industrial systems, they have become a critical yet often overlooked attack surface in industrial cybersecurity. However, mainstream datasets widely used in academia and industry (e.g., Drebin) exhibit significant limitations: on one hand, their heavy reliance on VirusTotal's multi-engine aggregation results introduces substantial label noise; on the other hand, outdated samples reduce their temporal relevance. Moreover, automated labeling tools (e.g., AVClass2) suffer from suboptimal aggregation strategies, further compounding labeling errors and propagating inaccuracies throughout the research community.

Related papers

• Empirical Evaluation of SMOTE in Android Malware Detection with Machine Learning: Challenges and Performance in CICMalDroid 2020 [0.0]
  This work tests Machine Learning algorithms in detecting malicious code from dynamic execution characteristics.<n>In 75% of the tested configurations, the application of SMOTE led to performance degradation or only marginal improvements.<n>Tree-based algorithms, such as XGBoost and Random Forest, consistently outperformed the others, achieving weighted recall above 94%.
  arXiv  Detail & Related papers  (2026-02-09T14:47:47Z)
• Synthetic Data: AI's New Weapon Against Android Malware [0.0]
  Attackers are now using Artificial Intelligence to create sophisticated malware variations that can easily evade traditional detection techniques.<n>MalSynGen is a Malware Synthetic Data Generation methodology that uses a conditional Generative Adversarial Network (cGAN) to generate synthetic data.<n>This data preserves the statistical properties of real-world data and improves the performance of Android malware classifiers.
  arXiv  Detail & Related papers  (2025-11-24T19:27:58Z)
• AI Agentic Vulnerability Injection And Transformation with Optimized Reasoning [2.918225266151982]
  We present AVIATOR, the first AI-agentic vulnerability injection workflow.<n>It automatically injects realistic, category-specific vulnerabilities for high-fidelity, diverse, large-scale vulnerability dataset generation.<n>It combines semantic analysis, injection synthesis enhanced with LoRA-based fine-tuning and Retrieval-Augmented Generation, as well as post-injection validation via static analysis and LLM-based discriminators.
  arXiv  Detail & Related papers  (2025-08-28T14:59:39Z)
• LAMDA: A Longitudinal Android Malware Benchmark for Concept Drift Analysis [5.895643771545453]
  LAMDA is the largest and most temporally diverse Android malware benchmark to date.<n>It reflects the natural distribution and evolution of real-world Android applications.<n>It enables in-depth research into temporal drift, generalization, explainability, and evolving detection challenges.
  arXiv  Detail & Related papers  (2025-05-24T06:36:39Z)
• Beyond Academic Benchmarks: Critical Analysis and Best Practices for Visual Industrial Anomaly Detection [40.174488947319645]
  Anomaly detection (AD) is essential for automating visual inspection in manufacturing.<n>This paper makes three key contributions: (1) we demonstrate the importance of real-world datasets and establish benchmarks using actual production data; (2) we provide a fair comparison of existing SOTA methods across diverse tasks by utilizing metrics that are valuable for practical applications; and (3) we present a comprehensive analysis of recent advancements in this field by discussing important challenges and new perspectives for bridging the academia-industry gap.
  arXiv  Detail & Related papers  (2025-03-30T14:11:46Z)
• SeCodePLT: A Unified Platform for Evaluating the Security of Code GenAI [58.29510889419971]
  Existing benchmarks for evaluating the security risks and capabilities of code-generating large language models (LLMs) face several key limitations.<n>We introduce a general and scalable benchmark construction framework that begins with manually validated, high-quality seed examples and expands them via targeted mutations.<n>Applying this framework to Python, C/C++, and Java, we build SeCodePLT, a dataset of more than 5.9k samples spanning 44 CWE-based risk categories and three security capabilities.
  arXiv  Detail & Related papers  (2024-10-14T21:17:22Z)
• MASKDROID: Robust Android Malware Detection with Masked Graph Representations [56.09270390096083]
  We propose MASKDROID, a powerful detector with a strong discriminative ability to identify malware. We introduce a masking mechanism into the Graph Neural Network based framework, forcing MASKDROID to recover the whole input graph. This strategy enables the model to understand the malicious semantics and learn more stable representations, enhancing its robustness against adversarial attacks.
  arXiv  Detail & Related papers  (2024-09-29T07:22:47Z)
• Android Malware Detection with Unbiased Confidence Guarantees [1.6432632226868131]
  We propose a machine learning dynamic analysis approach that provides provably valid confidence guarantees in each malware detection. The proposed approach is based on a novel machine learning framework, called Conformal Prediction, combined with a random forests classifier. We examine its performance on a large-scale dataset collected by installing 1866 malicious and 4816 benign applications on a real android device.
  arXiv  Detail & Related papers  (2023-12-17T11:07:31Z)
• Few-shot Weakly-supervised Cybersecurity Anomaly Detection [1.179179628317559]
  We propose an enhancement to an existing few-shot weakly-supervised deep learning anomaly detection framework. This framework incorporates data augmentation, representation learning and ordinal regression. We then evaluated and showed the performance of our implemented framework on three benchmark datasets.
  arXiv  Detail & Related papers  (2023-04-15T04:37:54Z)
• A survey on hardware-based malware detection approaches [45.24207460381396]
  Hardware-based malware detection approaches leverage hardware performance counters and machine learning prowess. We meticulously analyze the approach, unraveling the most common methods, algorithms, tools, and datasets that shape its contours. The discussion extends to crafting mixed hardware and software approaches for collaborative efficacy, essential enhancements in hardware monitoring units, and a better understanding of the correlation between hardware events and malware applications.
  arXiv  Detail & Related papers  (2023-03-22T13:00:41Z)
• DRSM: De-Randomized Smoothing on Malware Classifier Providing Certified Robustness [58.23214712926585]
  We develop a certified defense, DRSM (De-Randomized Smoothed MalConv), by redesigning the de-randomized smoothing technique for the domain of malware detection. Specifically, we propose a window ablation scheme to provably limit the impact of adversarial bytes while maximally preserving local structures of the executables. We are the first to offer certified robustness in the realm of static detection of malware executables.
  arXiv  Detail & Related papers  (2023-03-20T17:25:22Z)
• Towards a Fair Comparison and Realistic Design and Evaluation Framework of Android Malware Detectors [63.75363908696257]
  We analyze 10 influential research works on Android malware detection using a common evaluation framework. We identify five factors that, if not taken into account when creating datasets and designing detectors, significantly affect the trained ML models. We conclude that the studied ML-based detectors have been evaluated optimistically, which justifies the good published results.
  arXiv  Detail & Related papers  (2022-05-25T08:28:08Z)
• Adversarial Patterns: Building Robust Android Malware Classifiers [0.9208007322096533]
  In the field of cybersecurity, machine learning models have made significant improvements in malware detection. Despite their ability to understand complex patterns from unstructured data, these models are susceptible to adversarial attacks. This paper provides a comprehensive review of adversarial machine learning in the context of Android malware classifiers.
  arXiv  Detail & Related papers  (2022-03-04T03:47:08Z)
• Anomaly Detection Based on Selection and Weighting in Latent Space [73.01328671569759]
  We propose a novel selection-and-weighting-based anomaly detection framework called SWAD. Experiments on both benchmark and real-world datasets have shown the effectiveness and superiority of SWAD.
  arXiv  Detail & Related papers  (2021-03-08T10:56:38Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.