Reference : Assessing the opportunity of combining state-of-the-art Android malware detectors
Scientific journals : Article
Engineering, computing & technology : Computer science
Security, Reliability and Trust
http://hdl.handle.net/10993/53606
Assessing the opportunity of combining state-of-the-art Android malware detectors
English
Daoudi, Nadia [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX]
Allix, Kévin [CentraleSupelec]
Bissyande, Tegawendé François D Assise [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX]
Klein, Jacques [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX]
Dec-2022
Empirical Software Engineering
Kluwer Academic Publishers
28
Yes
International
1382-3256
1573-7616
Netherlands
[en] Android ; Malware ; Machine learning ; Ensemble learning
[en] Research on Android malware detection based on Machine learning has been prolific in recent years. In this paper, we show, through a large-scale evaluation of four state-of-the-art approaches, that their achieved performance fluctuates when applied to different datasets. Combining existing approaches appears as an appealing method to stabilise performance. We therefore proceed to empirically investigate the effect of such combinations on the overall detection performance. In our study, we evaluated 22 methods to combine feature sets or predictions from the state-of-the-art approaches. Our results showed that no method has significantly enhanced the detection performance reported by the state-of-the-art malware detectors. Nevertheless, the performance achieved is on par with the best individual classifiers for all settings. Overall, we conduct extensive experiments on the opportunity to combine state-of-the-art detectors. Our main conclusion is that combining state-of-the-art malware detectors leads to a stabilisation of the detection performance, and a research agenda on how they should be combined effectively is required to boost malware detection. All artefacts of our large-scale study (i.e., the dataset of ∼0.5 million apks and all extracted features) are made available for replicability.
Fonds National de la Recherche - FnR ; University of Luxembourg - UL ; SPARTA ; Luxembourg Ministry of Foreign and European Affairs
Researchers
10.1007/s10664-022-10249-9
https://link.springer.com/article/10.1007/s10664-022-10249-9
FnR ; FNR11693861 > Jacques Klein > CHARACTERIZE > Characterization Of Malicious Code In Mobile Apps: Towards Accurate And Explainable Malware Detection > 01/06/2018 > 31/12/2021 > 2017

File(s) associated to this reference

Fulltext file(s):

File: Combination_of_SOTA_malware_detectors_preprint.pdf
Version: Author preprint
Size: 1.48 MB
Access: Open access

All documents in ORBilu are protected by a user license.