CalmDroid: Core-Set Based Active Learning for Multi-Label Android Malware Detection
One of the trends in the evolution of Android malware is the increasing diversity of malicious behaviors, such as SMS-related and Internet-related actions. Traditional binary or family-based classification methods are inadequate for fine-grained detection of these behaviors. Thus, multi-label classification is required to identify various malicious behaviors within a single malware sample. This paper employs an active learning strategy to add multi-behavior labels to large-scale datasets based on expert-annotated small-scale datasets. To address the issue of noisy labels (simulating real-world mislabeling), we propose CalmDroid, an active learning framework utilizing the core-set strategy, instead of the confuse-set strategy for updating the model with out-of-distribution (OOD) points. We evaluate CalmDroid’s performance using the Drebin and VirusShare datasets. Experimental results demonstrate that CalmDroid achieves superior detection performance under varying noise conditions, with an accuracy improvement of up to 0.704 compared to the confuse-set strategy. In high-noise environments (15%), it reaches detection accuracy as high as 0.944. Additionally, we validate CalmDroid’s capability to detect evolving malware. Despite behavioral evolution in Drebin malware across different time steps, CalmDroid consistently achieves detection rates above 70% in the newest time step.
Sun 27 AprDisplayed time zone: Eastern Time (US & Canada) change
11:00 - 12:30 | Vulnerabilities, Technical Debt, DefectsEarly Research Achievements (ERA) / Research Track / Replications and Negative Results (RENE) at 205 Chair(s): Anthony Peruma University of Hawai‘i at Mānoa, Coen De Roover Vrije Universiteit Brussel, Gema Rodríguez-Pérez Department of Computer Science, Mathematics, Physics and Statistics, University of British Columbia, Okanagan Campus | ||
11:00 10mTalk | CalmDroid: Core-Set Based Active Learning for Multi-Label Android Malware Detection Research Track Minhong Dong Tiangong University, Liyuan Liu Tiangong University, Mengting Zhang Tiangong University, Sen Chen Nankai University, Wenying He Hebei University of Technology, Ze Wang Tiangong University, Yude Bai Tianjin University | ||
11:10 10mTalk | Towards Task-Harmonious Vulnerability Assessment based on LLM Research Track Zaixing Zhang Southeast University, Chang Jianming , Tianyuan Hu Southeast University, Lulu Wang Southeast University, Bixin Li Southeast University | ||
11:20 10mTalk | Slicing-Based Approach for Detecting and Patching Vulnerable Code Clones Research Track Hakam W. Alomari Miami University, Christopher Vendome Miami University, Himal Gyawali Miami University Pre-print | ||
11:30 6mTalk | Revisiting Security Practices for GitHub Actions Workflows Early Research Achievements (ERA) | ||
11:36 6mTalk | Leveraging multi-task learning to improve the detection of SATD and vulnerability Replications and Negative Results (RENE) Barbara Russo Free University of Bolzano, Jorge Melegati Free University of Bozen-Bolzano, Moritz Mock Free University of Bozen-Bolzano Pre-print | ||
11:42 10mTalk | Leveraging Context Information for Self-Admitted Technical Debt Detection Research Track Miki Yonekura Nara Institute of Science and Technology, Yutaro Kashiwa Nara Institute of Science and Technology, Bin Lin Hangzhou Dianzi University, Kenji Fujiwara Nara Women’s University, Hajimu Iida Nara Institute of Science and Technology | ||
11:52 6mTalk | Personalized Code Readability Assessment: Are We There Yet? Replications and Negative Results (RENE) Antonio Vitale Politecnico di Torino, University of Molise, Emanuela Guglielmi University of Molise, Rocco Oliveto University of Molise, Simone Scalabrino University of Molise | ||
11:58 6mTalk | Automated Refactoring of Non-Idiomatic Python Code: A Differentiated Replication with LLMs Replications and Negative Results (RENE) Pre-print | ||
12:04 10mResearch paper | Sonar: Detecting Logic Bugs in DBMS through Generating Semantic-aware Non-Optimizing Query Research Track Shiyang Ye Zhejiang University, Chao Ni Zhejiang University, Jue Wang Nanjing University, Qianqian Pang zhejang university, Xinrui Li School of Software Technology, Zhejiang University, xiaodanxu College of Computer Science and Technology, Zhejiang university | ||
12:14 6mTalk | A Study on Applying Large Language Models to Issue Classification Replications and Negative Results (RENE) | ||
12:20 10mLive Q&A | Session's Discussion: "Vulnerabilities, Technical Debt, Defects" Research Track | ||