Litcius/Paper detail

A Deep Dive Inside DREBIN: An Explorative Analysis beyond Android Malware Detection Scores

Nadia Daoudi, Kevin Allix, Tegawendé F. Bissyandé, Jacques Klein

2022ACM Transactions on Privacy and Security35 citationsDOIOpen Access PDF

Abstract

Machine learning advances have been extensively explored for implementing large-scale malware detection. When reported in the literature, performance evaluation of machine learning based detectors generally focuses on highlighting the ratio of samples that are correctly or incorrectly classified, overlooking essential questions on why/how the learned models can be demonstrated as reliable. In the Android ecosystem, several recent studies have highlighted how evaluation setups can carry biases related to datasets or evaluation methodologies. Nevertheless, there is little work attempting to dissect the produced model to provide some understanding of its intrinsic characteristics. In this work, we fill this gap by performing a comprehensive analysis of a state-of-the-art Android malware detector, namely DREBIN, which constitutes today a key reference in the literature. Our study mainly targets an in-depth understanding of the classifier characteristics in terms of (1) which features actually matter among the hundreds of thousands that DREBIN extracts, (2) whether the high scores of the classifier are dependent on the dataset age, and (3) whether DREBIN’s explanations are consistent within malware families, among others. Overall, our tentative analysis provides insights into the discriminatory power of the feature set used by DREBIN to detect malware. We expect our findings to bring about a systematisation of knowledge for the community.

Topics & Concepts

MalwareComputer scienceAndroid (operating system)Machine learningAndroid malwareArtificial intelligenceClassifier (UML)Data scienceComputer securityOperating systemAdvanced Malware Detection TechniquesNetwork Security and Intrusion DetectionSoftware Testing and Debugging Techniques