Large-scale Machine Learning-based Malware Detection: Confronting the "10-fold Cross Validation" Scheme with Reality

Allix, Kevin; Bissyande, Tegawendé François D Assise; Jerome, Quentin; Klein, Jacques; State, Radu; Le Traon, Yves

doi:10.1145/2557547.2557587

Reference : Large-scale Machine Learning-based Malware Detection: Confronting the "10-fold Cross ...


	Document type :	Scientific congresses, symposiums and conference proceedings : Paper published in a book
	Discipline(s) :	Engineering, computing & technology : Computer science
	To cite this reference:	http://hdl.handle.net/10993/18024

Title :	Large-scale Machine Learning-based Malware Detection: Confronting the "10-fold Cross Validation" Scheme with Reality
Language :	English
Author, co-author :	Allix, Kevin [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > > ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)]
	Bissyande, Tegawendé François D Assise [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
	Jerome, Quentin [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) >]
	Klein, Jacques [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)]
	State, Radu [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) >]
	Le Traon, Yves [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)]
Publication date :	Mar-2014
Main document title :	Proceedings of the 4th ACM Conference on Data and Application Security and Privacy
Publisher :	ACM
Collection and collection volume :	CODASPY '14
Pages :	163--166
Peer reviewed :	Yes
ISBN :	978-1-4503-2278-2
City :	New York, NY, USA
Event name :	4th ACM Conference on Data and Application Security and Privacy
Event date :	from 03-03-2014 to 05-03-2014
Event place (city) :	San Antonio, Texas
Event country :	USA
Keywords :	[en] android ; machine learning ; malware ; ten-fold
Abstract :	[en] To address the issue of malware detection, researchers have recently started to investigate the capabilities of machine- learning techniques for proposing effective approaches. Sev- eral promising results were recorded in the literature, many approaches being assessed with the common “10-Fold cross validation” scheme. This paper revisits the purpose of mal- ware detection to discuss the adequacy of the “10-Fold” scheme for validating techniques that may not perform well in real- ity. To this end, we have devised several Machine Learning classifiers that rely on a novel set of features built from ap- plications’ CFGs. We use a sizeable dataset of over 50,000 Android applications collected from sources where state-of- the art approaches have selected their data. We show that our approach outperforms existing machine learning-based approaches. However, this high performance on usual-size datasets does not translate in high performance in the wild.
Permalink :	http://hdl.handle.net/10993/18024
DOI :	10.1145/2557547.2557587
Other URL :	http://doi.acm.org/10.1145/2557547.2557587

File(s) associated to this reference

Fulltext file(s):

	File	Commentary	Version	Size	Access
Open access	p163-allix.pdf		Publisher postprint	565.31 kB	View/Open

All documents in ORBi^lu are protected by a user license.

University of Luxembourg Library | Feedback | Legal notices