Assessing the opportunity of combining state-of-the-art Android malware detectors
Research on Android malware detection based on Machine learning has been prolific in recent years. In this paper, we show, through a large-scale evaluation of four state-of-the-art approaches that their achieved performance fluctuates when applied to different datasets. Combining existing approaches appears as an appealing method to stabilise performance. We therefore proceed to empirically investigate the effect of such combinations on the overall detection performance. In our study, we evaluated 22 methods to combine feature sets or predictions from the state-of-the-art approaches. Our results showed that no method has significantly enhanced the detection performance reported by the state-of-the-art malware detectors. Nevertheless, the performance achieved is on par with the best individual classifiers for all settings. Overall, we conduct extensive experiments on the opportunity to combine state-of-the-art detectors. Our main conclusion is that combining state-of-the-art malware detectors leads to a stabilisation of the detection performance, and a research agenda on how they should be combined effectively is required to boost malware detection. All artefacts of our large-scale study (i.e., the dataset of ∼0.5 million apks and all extracted features) are made available for replicability.
Wed 17 MayDisplayed time zone: Hobart change
13:45 - 15:15 | Software security and privacyTechnical Track / Journal-First Papers at Meeting Room 103 Chair(s): Wei Yang University of Texas at Dallas | ||
13:45 15mTalk | BFTDetector: Automatic Detection of Business Flow Tampering for Digital Content Service Technical Track I Luk Kim Purdue University, Weihang Wang University of Southern California, Yonghwi Kwon University of Virginia, Xiangyu Zhang Purdue University | ||
14:00 15mTalk | FedSlice: Protecting Federated Learning Models from Malicious Participants with Model Slicing Technical Track Ziqi Zhang Peking University, Yuanchun Li Institute for AI Industry Research (AIR), Tsinghua University, Bingyan Liu Peking University, Yifeng Cai Peking University, Ding Li Peking University, Yao Guo Peking University, Xiangqun Chen Peking University | ||
14:15 15mTalk | PTPDroid: Detecting Violated User Privacy Disclosures to Third-Parties of Android Apps Technical Track Zeya Tan Nanjing University of Science and Technology, Wei Song Nanjing University of Science and Technology Pre-print | ||
14:30 15mTalk | AdHere: Automated Detection and Repair of Intrusive Ads Technical Track Yutian Yan University of Southern California, Yunhui Zheng , Xinyue Liu University at Buffalo, SUNY, Nenad Medvidović University of Southern California, Weihang Wang University of Southern California | ||
14:45 15mTalk | Bad Snakes: Understanding and Improving Python Package Index Malware Scanning Technical Track | ||
15:00 7mTalk | DAISY: Dynamic-Analysis-Induced Source Discovery for Sensitive Data Journal-First Papers Xueling Zhang Rochester Institute of Technology, John Heaps University of Texas at San Antonio, Rocky Slavin The University of Texas at San Antonio, Jianwei Niu University of Texas at San Antonio, Travis Breaux Carnegie Mellon University, Xiaoyin Wang University of Texas at San Antonio | ||
15:07 7mTalk | Assessing the opportunity of combining state-of-the-art Android malware detectors Journal-First Papers Nadia Daoudi SnT, University of Luxembourg, Kevin Allix CentraleSupelec Rennes, Tegawendé F. Bissyandé SnT, University of Luxembourg, Jacques Klein University of Luxembourg | ||