On Benign Features in Malware Detection
This paper investigates the problem of classifying Android applications into malicious and benign. We analyze the performance of a popular malware detection tool, Drebin, on malware datasets commonly used in an academic setup and show that the high detection accuracy often stems from learning benign rather than malicious indicators. That, effectively, turns the malware detection tools into benign app detectors. Yet, in practice, malware samples are often larger and can exhibit many behaviors similar to those of benign apps. Under such a challenging setup, looking for benign indicators becomes ineffective and the ability of the tools to detect malware degrades substantially.
In this paper, we propose an approach for identifying malicious portions of an app in the presence of numerous benign features, effectively eliminating “noise” and focusing the detection on truly malicious indicators. We also propose a novel metric estimating the “reasons” for correct malware classification, i.e., whether it is based on the presence of malicious indicators or the absence of benign ones. We show that our proposed approach is effective in both increasing the “standard” classification accuracy and in making more “justifiable” classification decisions.
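The distinction between detecting on malicious indicators and detecting on missing benign ones can be audited on any linear model over binary features, the model family Drebin uses. The sketch below is an added illustration, not code or the metric from the paper: the weights, bias, feature names, samples and the `justified_rate` measure are all constructed assumptions.

```python
# Constructed toy model: a linear classifier over binary features, the model
# family Drebin uses. Weights, bias and feature names are invented here.
WEIGHTS = {
    "perm:SEND_SMS": 1.2,                # positive weight = malicious indicator
    "url:constructed-c2.example": 1.5,
    "perm:ACCESS_FINE_LOCATION": -0.4,   # negative weight = benign indicator
    "activity:SettingsActivity": -0.9,
    "api:GoogleAnalytics": -1.1,
    "lib:support-v4": -0.8,
}
BIAS = 0.3  # positive bias: an app with no recognised features is flagged


def explain(features):
    """Split the decision score into malicious and benign evidence."""
    present = [WEIGHTS.get(f, 0.0) for f in set(features)]
    malicious = sum(w for w in present if w > 0)
    benign = sum(w for w in present if w < 0)
    score = BIAS + malicious + benign
    if score <= 0:
        reason = "not detected"
    elif malicious + benign > 0:
        reason = "malicious indicators present"   # holds without the bias
    else:
        reason = "benign indicators absent"       # carried by the bias alone
    return {"score": score, "malicious": malicious, "benign": benign,
            "detected": score > 0, "reason": reason}


def justified_rate(malware_samples):
    """Share of detected malware whose detection rests on malicious evidence."""
    results = [explain(s) for s in malware_samples]
    detected = [r for r in results if r["detected"]]
    if not detected:
        return 0.0
    backed = [r for r in detected if r["reason"] == "malicious indicators present"]
    return len(backed) / len(detected)


# Constructed malware samples (feature sets only, no real apps).
SMALL = ["perm:SEND_SMS"]
UNRECOGNISED = ["perm:INTERNET"]          # nothing the model has a weight for
LARGE = SMALL + ["url:constructed-c2.example", "perm:ACCESS_FINE_LOCATION",
                 "activity:SettingsActivity", "api:GoogleAnalytics",
                 "lib:support-v4"]

if __name__ == "__main__":
    for name, s in [("small", SMALL), ("unrecognised", UNRECOGNISED), ("large", LARGE)]:
        print(name, explain(s))
    print("justified rate:", justified_rate([SMALL, UNRECOGNISED, LARGE]))
```

In this constructed set two of three malware samples are detected, but only one detection rests on a malicious indicator; the large sample carries more malicious evidence than the small one and is still missed because its benign features outweigh it.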
Tue 22 Sep, 17:10 - 18:10 (UTC)