On Benign Features in Malware Detection
This paper investigates the problem of classifying Android applications into malicious and benign. We analyze the performance of a popular malware detection tool, Drebin, on malware datasets commonly used in an academic setup and show that the high detection accuracy often stems from learning benign rather than malicious indicators. That, effectively, turns the malware detection tools into benign app detectors. Yet, in practice, malware samples are often larger and can exhibit many behaviors similar to those of benign apps. Under such a challenging setup, looking for benign indicators becomes ineffective and the ability of the tools to detect malware degrades substantially.
In this paper, we propose an approach for identifying malicious portions of an app in the presence of numerous benign features, effectively eliminating “noise” and focusing the detection on truly malicious indicators.We also propose a novel metric estimating the “reasons” for correct malware classification, i.e., whether it is based on the presence of malicious indicators or the absence of benign ones. We show that our proposed approach is effective in both increasing the “standard” classification accuracy and in making more “justifiable” classification decisions.
Tue 22 SepDisplayed time zone: (UTC) Coordinated Universal Time change
17:10 - 18:10
|DeepTC-Enhancer: Improving the Readability of Automatically Generated Tests|
Devjeet Roy Washington State University, Ziyi Zhang Washington State University, Maggie Ma Washington State University, Venera Arnaoudova Washington State University, Annibale Panichella Delft University of Technology, Sebastiano Panichella Zurich University of Applied Sciences, Danielle Gonzalez Rochester Institute of Technology, USA, Mehdi Mirakhorli Rochester Institute of Technology
|Hybrid Deep Neural Networks to Infer State Models of Black-Box Systems|
|On Benign Features in Malware Detection|