On Benign Features in Malware Detection
This paper investigates the problem of classifying Android applications into malicious and benign. We analyze the performance of a popular malware detection tool, Drebin, on malware datasets commonly used in an academic setup and show that the high detection accuracy often stems from learning benign rather than malicious indicators. That, effectively, turns the malware detection tools into benign app detectors. Yet, in practice, malware samples are often larger and can exhibit many behaviors similar to those of benign apps. Under such a challenging setup, looking for benign indicators becomes ineffective and the ability of the tools to detect malware degrades substantially.
In this paper, we propose an approach for identifying malicious portions of an app in the presence of numerous benign features, effectively eliminating “noise” and focusing the detection on truly malicious indicators. We also propose a novel metric estimating the “reasons” for correct malware classification, i.e., whether it is based on the presence of malicious indicators or the absence of benign ones. We show that our proposed approach is effective in both increasing the “standard” classification accuracy and in making more “justifiable” classification decisions.
Tue 22 Sep (times are displayed in UTC, Coordinated Universal Time)
17:10 - 18:10: AI for Software Engineering (1), Research Papers / NIER track at Koala. Chair(s): Tingting Yu (University of Kentucky)
17:10 - 17:30 Talk | DeepTC-Enhancer: Improving the Readability of Automatically Generated Tests | Research Papers | Devjeet Roy (Washington State University), Ziyi Zhang (Washington State University), Maggie Ma (Washington State University), Venera Arnaoudova (Washington State University), Annibale Panichella (Delft University of Technology), Sebastiano Panichella (Zurich University of Applied Sciences), Danielle Gonzalez (Rochester Institute of Technology, USA), Mehdi Mirakhorli (Rochester Institute of Technology)
17:30 - 17:50 Talk | Hybrid Deep Neural Networks to Infer State Models of Black-Box Systems | Research Papers
17:50 - 18:00 Talk | On Benign Features in Malware Detection | NIER track | Michael Cao (The University of British Columbia), Sahar Badihi (University of British Columbia, Canada), Khaled Ahmed (The University of British Columbia), Peiyu Xiong (The University of British Columbia), Julia Rubin (University of British Columbia, Canada)