research-article

On the deterioration of learning-based malware detectors for Android

Authors:

Xiaoqin Fu,

Haipeng CaiAuthors Info & Claims

ICSE '19: Proceedings of the 41st International Conference on Software Engineering: Companion Proceedings

Pages 272 - 273

https://doi.org/10.1109/ICSE-Companion.2019.00110

Published: 25 May 2019 Publication History

Get Access

Abstract

Classification using machine learning has been a major class of defense solutions against malware. Yet in the presence of a large and growing number of learning-based malware detection techniques for Android, malicious apps keep breaking out, with an increasing momentum, in various Android app markets. In this context, we ask the question "what is it that makes new and emerging malware slip through such a great collection of detection techniques?". Intuitively, performance deterioration of malware detectors could be a main cause---trained on older samples, they are increasingly unable to capture new malware. To understand the question, this work sets off to investigate the deterioration problem in four state-of-the-art Android malware detectors. We confirmed our hypothesis that these existing solutions do deteriorate largely and rapidly over time. We also propose a new classification approach that is built on the results of a longitudinal characterization study of Android apps with a focus on their dynamic behaviors. We evaluated this new approach against the four existing detectors and demonstrated significant advantages of our new solution. The main lesson learned is that studying app evolution provides a promising avenue for long-span malware detection.

References

[1]

Android malware accounts for 97% of all malicious mobile apps. http://www.scmagazineuk.com/updated-97-of-malicious-mobile-malware-targets-android/article/422783/, 2015.

Google Scholar

[2]

V. M. Afonso, M. F. de Amorim, A. R. A. Grégio, G. B. Junquera, and P. L. de Geus. Identifying Android malware using dynamically obtained features. Journal of Computer Virology and Hacking Techniques, 11(1):9--17, 2015.

Crossref

Google Scholar

[3]

H. Cai and J. Jenkins. Towards sustainable android malware detection. In Proceedings of the 40th International Conference on Software Engineering: Companion Proceeedings, pages 350--351. ACM, 2018.

Digital Library

Google Scholar

[4]

H. Cai, N. Meng, B. Ryder, and D. Yao. Droidcat: Effective android malware detection and categorization via app-level profiling. IEEE Transactions on Information Forensics and Security, 2018.

Google Scholar

[5]

H. Cai and B. Ryder. Understanding Android application programming and security: A dynamic study. In International Conference on Software Maintenance and Evolution (ICSME), pages 364--375, 2017.

Crossref

Google Scholar

[6]

J. Garcia, M. Hammad, and S. Malek. Lightweight, obfuscation-resilient detection and family identification of android malware. ACM Transactions on Software Engineering and Methodology (TOSEM), 26(3):11, 2018.

Digital Library

Google Scholar

[7]

E. Mariconti, L. Onwuzurike, P. Andriotis, E. De Cristofaro, G. Ross, and G. Stringhini. MAMADROID: Detecting android malware by building markov chains of behavioral models. In Proceedings of Network and Distributed System Security Symposium, 2017.

Crossref

Google Scholar

[8]

G. Suarez-Tangil, S. K. Dash, M. Ahmadi, J. Kinder, G. Giacinto, and L. Cavallaro. DroidSieve: Fast and accurate classification of obfuscated android malware. In Proceedings of ACM Conference on Data and Application Security and Privacy, pages 309--320, 2017.

Digital Library

Google Scholar

[9]

D. J. Tan, T.-W. Chua, V. L. Thing, et al. Securing Android: a survey, taxonomy, and challenges. ACM Computing Surveys, 47(4):1--45, 2015.

Digital Library

Google Scholar

Cited By

View all

Haidros Rahima Manzil HManohar Naik S(2024)Detection approaches for android malwareExpert Systems with Applications: An International Journal10.1016/j.eswa.2023.122255238:PFOnline publication date: 27-Feb-2024
https://dl.acm.org/doi/10.1016/j.eswa.2023.122255
Chopra RAcharya SRawat UBhatnagar R(2023)An Energy Efficient, Robust, Sustainable, and Low Computational Cost Method for Mobile Malware DetectionApplied Computational Intelligence and Soft Computing10.1155/2023/20290642023Online publication date: 1-Jan-2023
https://dl.acm.org/doi/10.1155/2023/2029064
Ceschin FBotacin MGomes HPinagé FOliveira LGrégio A(2023)Fast & FuriousExpert Systems with Applications: An International Journal10.1016/j.eswa.2022.118590212:COnline publication date: 1-Feb-2023
https://dl.acm.org/doi/10.1016/j.eswa.2022.118590
Show More Cited By

Recommendations

Testing malware detectors
ISSTA '04: Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis

In today's interconnected world, malware, such as worms and viruses, can cause havoc. A malware detector (commonly known as virus scanner) attempts to identify malware. In spite of the importance of malware detectors, there is a dearth of testing ...
Testing malware detectors

In today's interconnected world, malware, such as worms and viruses, can cause havoc. A malware detector (commonly known as virus scanner) attempts to identify malware. In spite of the importance of malware detectors, there is a dearth of testing ...
Evaluating Machine Learning Models for Android Malware Detection: A Comparison Study
ICNCC '18: Proceedings of the 2018 VII International Conference on Network, Communication and Computing

Android is the most popular mobile operating system having billions of active users worldwide that attracted advertisers, hackers, and cybercriminals to develop malware for various purposes. In recent years, wide-ranging researches have been conducted ...

Comments

Information & Contributors

Information

Published In

ICSE '19: Proceedings of the 41st International Conference on Software Engineering: Companion Proceedings

May 2019

369 pages

Conference Chair:
Gunter Mussbacher
McGill University, Canada
,
General Chair:
Joanne M. Atlee
University of Waterloo, Canada
,
Program Chair:
Tevfik Bultan
University of California, Santa Barbara

Publisher

IEEE Press

Publication History

Published: 25 May 2019

Check for updates

Qualifiers

Research-article

Conference

ICSE '19

Sponsor:

SIGSOFT
IEEE-CS

ICSE '19: 41st International Conference on Software Engineering

May 25 - 31, 2019

Quebec, Montreal, Canada

Acceptance Rates

Overall Acceptance Rate 276 of 1,856 submissions, 15%

Upcoming Conference

ICSE 2025

2025 IEEE/ACM 46th International Conference on Software Engineering

April 26 - May 3, 2025

Ottawa , ON , Canada

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

13
Total Citations
View Citations
77
Total Downloads

Downloads (Last 12 months)4
Downloads (Last 6 weeks)0

Reflects downloads up to 26 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Haidros Rahima Manzil HManohar Naik S(2024)Detection approaches for android malwareExpert Systems with Applications: An International Journal10.1016/j.eswa.2023.122255238:PFOnline publication date: 27-Feb-2024
https://dl.acm.org/doi/10.1016/j.eswa.2023.122255
Chopra RAcharya SRawat UBhatnagar R(2023)An Energy Efficient, Robust, Sustainable, and Low Computational Cost Method for Mobile Malware DetectionApplied Computational Intelligence and Soft Computing10.1155/2023/20290642023Online publication date: 1-Jan-2023
https://dl.acm.org/doi/10.1155/2023/2029064
Ceschin FBotacin MGomes HPinagé FOliveira LGrégio A(2023)Fast & FuriousExpert Systems with Applications: An International Journal10.1016/j.eswa.2022.118590212:COnline publication date: 1-Feb-2023
https://dl.acm.org/doi/10.1016/j.eswa.2022.118590
Acharya SRawat UBhatnagar R(2022)A Comprehensive Review of Android SecuritySecurity and Communication Networks10.1155/2022/77759172022Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.1155/2022/7775917
Naeem MAmin RAlshamrani SAlshehri A(2022)Digital Forensics for Malware ClassificationComputational Intelligence and Neuroscience10.1155/2022/62940582022Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.1155/2022/6294058
Acharya SRawat UBhatnagar R(2022)A Low Computational Cost Method for Mobile Malware Detection Using Transfer Learning and Familial Classification Using Topic ModellingApplied Computational Intelligence and Soft Computing10.1155/2022/41195002022Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.1155/2022/4119500
Ali RAli AIqbal FHussain MUllah F(2022)Deep Learning Methods for Malware and Intrusion DetectionSecurity and Communication Networks10.1155/2022/29592222022Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.1155/2022/2959222
Shatnawi AJaradat AYaseen TTaqieddin EAl-Ayyoub MMustafa D(2022)An Android Malware Detection Leveraging Machine LearningWireless Communications & Mobile Computing10.1155/2022/18302012022Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.1155/2022/1830201
Alhaidari FShaib NAlsafi MAlharbi HAlawami MAljindan RRahman AZagrouba R(2022)ZeVigilanteComputational Intelligence and Neuroscience10.1155/2022/16155282022Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.1155/2022/1615528
Guerra-Manzanares ABahsi HNõmm S(2021)KronoDroidComputers and Security10.1016/j.cose.2021.102399110:COnline publication date: 1-Nov-2021
https://dl.acm.org/doi/10.1016/j.cose.2021.102399
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Recommendations

Testing malware detectors

Testing malware detectors

Evaluating Machine Learning Models for Android Malware Detection: A Comparison Study

Comments

Information

Published In

Sponsors

Publisher

Publication History

Check for updates

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations