Doctoral thesis (Dissertations and theses)
Challenges and Outlook in Machine Learning-based Malware Detection for Android
Allix, Kevin


Full Text
Publisher postprint (2.74 MB)

All documents in ORBilu are protected by a user license.

Send to


Keywords :
Machine-Learning; Malware; Android
Abstract :
[en] Just like in traditional desktop computing, one of the major security issues in mobile computing lies in malicious software. Several recent studies have shown that Android, as today’s most widespread Operating System, is the target of most of the new families of malware. Manually analysing an Android application to determine whether it is malicious or not is a time- consuming process. Furthermore, because of the complexity of analysing an application, this task can only be conducted by highly-skilled—hence hard to come by—professionals. Researchers naturally sought to transfer this process from humans to computers to lower the cost of detecting malware. Machine-Learning techniques, looking at patterns amongst known malware and inferring models of what discriminates malware from goodware, have long been summoned to build malware detectors. The vast quantity of data involved in malware detection, added to the fact that we do not know a priori how to express in technical terms the difference between malware and goodware, indeed makes the malware detection question a seemingly textbook example of a possible Machine- Learning application. Despite the vast amount of literature published on the topic of detecting malware with machine- learning, malware detection is not a solved problem. In this Thesis, we investigate issues that affect performance evaluation and that thus may render current machine learning-based mal- ware detectors for Android hardly usable in practical settings, and we propose an approach to overcome those issues. While the experiments presented in this thesis all rely on feature-sets obtained through lightweight static analysis, several of our findings could apply equally to all Machine Learning-based malware detection approaches. In the first part of this thesis, background information on machine-learning and on malware detection is provided, and the related work is described. A snapshot of the malware landscape in Android application markets is then presented. The second part discusses three pitfalls hindering the evaluation of malware detectors. We show with extensive experiments how validation methodology, History-unaware dataset construction and the choice of a ground truth can heavily interfere with the performance results of malware detectors. In a third part, we present an practical approach to detect Android Malware in real-world settings. We then propose several research paths to get closer to our long term goal of building practical, dependable and predictable Android Malware detectors.
Disciplines :
Computer science
Author, co-author :
Allix, Kevin ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > Computer Science and Communications Research Unit (CSC)
Language :
Title :
Challenges and Outlook in Machine Learning-based Malware Detection for Android
Defense date :
09 October 2015
Institution :
Unilu - University of Luxembourg, Luxembourg, Luxembourg
Degree :
Docteur en Informatique
Promotor :
President :
Jury member :
Bissyande, Tegawendé François D Assise  
Cavallaro, Lorenzo
Rossow, Christian
Focus Area :
Security, Reliability and Trust
Available on ORBilu :
since 25 February 2016


Number of views
324 (47 by Unilu)
Number of downloads
865 (50 by Unilu)


Similar publications

Contact ORBilu