Reference : A Deep Dive inside DREBIN: An Explorative Analysis beyond Android Malware Detection Scores
Scientific journals : Article
Engineering, computing & technology : Computer science
Security, Reliability and Trust
http://hdl.handle.net/10993/49254
A Deep Dive inside DREBIN: An Explorative Analysis beyond Android Malware Detection Scores
English
Daoudi, Nadia [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX]
Allix, Kevin [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX]
Bissyande, Tegawendé François D Assise [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX]
Klein, Jacques [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX]
May-2022
ACM Transactions on Privacy and Security
Association for Computing Machinery (ACM)
25
2
Yes
International
[en] Android Malware Detection ; Machine Learning ; DREBIN ; SVM
[en] Machine learning (ML) advances have been extensively explored for implementing large-scale malware detection. When reported in the literature, performance evaluation of ML-based detectors generally focuses on highlighting the ratio of samples that are correctly or incorrectly classified, overlooking essential questions on why/how the learned models can be demonstrated as reliable. In the Android ecosystem, several recent studies have highlighted how evaluation setups can carry biases related to datasets or evaluation methodologies. Nevertheless, there is little work attempting to dissect the produced model to provide some understanding of its intrinsic characteristics. In this work, we fill this gap by performing a comprehensive analysis of a state-of-the-art Android Malware detector, namely DREBIN, which constitutes today a key reference in the literature. Our study mainly targets an in-depth understanding of the classifier characteristics in terms of (1) which features actually matter among the hundreds of thousands that DREBIN extracts, (2) whether the high scores of the classifier are dependent on the dataset age, (3) whether DREBIN's explanations are consistent within malware families, etc. Overall, our tentative analysis provides insights into the discriminatory power of the feature set used by DREBIN to detect malware. We expect our findings to bring about a systematisation of knowledge for the community.
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Trustworthy Software Engineering (TruX)
Fonds National de la Recherche - FnR ; European Union’s Horizon 2020 research and innovation program ; University of Luxembourg - UL ; Luxembourg Ministry of Foreign and European Affairs
Researchers ; Professionals ; Students
10.1145/3503463
https://dl.acm.org/doi/10.1145/3503463
FnR ; FNR11693861 > Jacques Klein > CHARACTERIZE > Characterization Of Malicious Code In Mobile Apps: Towards Accurate And Explainable Malware Detection > 01/06/2018 > 31/12/2021 > 2017

File(s) associated to this reference

Fulltext file(s):

File: TOPS_Deep_Dive_DREBIN_final.pdf
Version: Author preprint
Size: 1.4 MB
Access: Open access

All documents in ORBilu are protected by a user license.