Reference : Challenges and Outlook in Machine Learning-based Malware Detection for Android
Dissertations and theses : Doctoral thesis
Engineering, computing & technology : Computer science
Security, Reliability and Trust
Challenges and Outlook in Machine Learning-based Malware Detection for Android
Allix, Kevin mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > Computer Science and Communications Research Unit (CSC) >]
University of Luxembourg, ​Luxembourg, ​​Luxembourg
Docteur en Informatique
Le Traon, Yves mailto
Klein, Jacques mailto
Bissyande, Tegawendé François D Assise mailto
Cavallaro, Lorenzo
Rossow, Christian
[en] Machine-Learning ; Malware ; Android
[en] Just like in traditional desktop computing, one of the major security issues in mobile computing
lies in malicious software. Several recent studies have shown that Android, as today’s most
widespread Operating System, is the target of most of the new families of malware.
Manually analysing an Android application to determine whether it is malicious or not is a time-
consuming process. Furthermore, because of the complexity of analysing an application, this
task can only be conducted by highly-skilled—hence hard to come by—professionals.
Researchers naturally sought to transfer this process from humans to computers to lower the
cost of detecting malware. Machine-Learning techniques, looking at patterns amongst known
malware and inferring models of what discriminates malware from goodware, have long been
summoned to build malware detectors.
The vast quantity of data involved in malware detection, added to the fact that we do not know a
priori how to express in technical terms the difference between malware and goodware, indeed
makes the malware detection question a seemingly textbook example of a possible Machine-
Learning application.
Despite the vast amount of literature published on the topic of detecting malware with machine-
learning, malware detection is not a solved problem. In this Thesis, we investigate issues that
affect performance evaluation and that thus may render current machine learning-based mal-
ware detectors for Android hardly usable in practical settings, and we propose an approach to
overcome those issues. While the experiments presented in this thesis all rely on feature-sets
obtained through lightweight static analysis, several of our findings could apply equally to all
Machine Learning-based malware detection approaches.
In the first part of this thesis, background information on machine-learning and on malware
detection is provided, and the related work is described. A snapshot of the malware landscape
in Android application markets is then presented.
The second part discusses three pitfalls hindering the evaluation of malware detectors. We show
with extensive experiments how validation methodology, History-unaware dataset construction
and the choice of a ground truth can heavily interfere with the performance results of malware
In a third part, we present an practical approach to detect Android Malware in real-world settings.
We then propose several research paths to get closer to our long term goal of building practical,
dependable and predictable Android Malware detectors.

File(s) associated to this reference

Fulltext file(s):

Open access
thesis_Kevin_Allix-PhD-FSTC-2015-48.pdfPublisher postprint2.67 MBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.