Article (Scientific journals)
A Deep Dive inside DREBIN: An Explorative Analysis beyond Android Malware Detection Scores
DAOUDI, Nadia; ALLIX, Kevin; BISSYANDE, Tegawendé François D Assise et al.
2022In ACM Transactions on Privacy and Security, 25 (2)
Peer reviewed
 

Files


Full Text
TOPS_Deep_Dive_DREBIN_final.pdf
Author preprint (1.43 MB)
Download

All documents in ORBilu are protected by a user license.

Send to



Details



Keywords :
Android Malware Detection; Machine Learning; DREBIN; SVM
Abstract :
[en] Machine learning (ML) advances have been extensively explored for implementing large-scale malware detection. When reported in the literature, performance evaluation of ML-based detectors generally focuses on highlighting the ratio of samples that are correctly or incorrectly classified, overlooking essential questions on why/how the learned models can be demonstrated as reliable. In the Android ecosystem, several recent studies have highlighted how evaluation setups can carry biases related to datasets or evaluation methodologies. Nevertheless, there is little work attempting to dissect the produced model to provide some understanding of its intrinsic characteristics. In this work, we fill this gap by performing a comprehensive analysis of a state-of-the-art Android Malware detector, namely DREBIN, which constitutes today a key reference in the literature. Our study mainly targets an in-depth understanding of the classifier characteristics in terms of (1) which features actually matter among the hundreds of thousands that DREBIN extracts, (2) whether the high scores of the classifier are dependent on the dataset age, (3) whether DREBIN's explanations are consistent within malware families, etc. Overall, our tentative analysis provides insights into the discriminatory power of the feature set used by DREBIN to detect malware. We expect our findings to bring about a systematisation of knowledge for the community.
Research center :
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Trustworthy Software Engineering (TruX)
Disciplines :
Computer science
Author, co-author :
DAOUDI, Nadia ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX
ALLIX, Kevin ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX
BISSYANDE, Tegawendé François D Assise  ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX
KLEIN, Jacques ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX
External co-authors :
no
Language :
English
Title :
A Deep Dive inside DREBIN: An Explorative Analysis beyond Android Malware Detection Scores
Publication date :
May 2022
Journal title :
ACM Transactions on Privacy and Security
Publisher :
Association for Computing Machinery (ACM)
Volume :
25
Issue :
2
Peer reviewed :
Peer reviewed
Focus Area :
Security, Reliability and Trust
FnR Project :
FNR11693861 - Characterization Of Malicious Code In Mobile Apps: Towards Accurate And Explainable Malware Detection, 2017 (01/06/2018-31/12/2021) - Jacques Klein
Funders :
FNR - Fonds National de la Recherche [LU]
European Union’s Horizon 2020 research and innovation program
University of Luxembourg - UL
Luxembourg Ministry of Foreign and European Affairs
Available on ORBilu :
since 04 January 2022

Statistics


Number of views
443 (46 by Unilu)
Number of downloads
229 (7 by Unilu)

Scopus citations®
 
14
Scopus citations®
without self-citations
14
OpenCitations
 
1
WoS citations
 
10

Bibliography


Similar publications



Contact ORBilu