Assessing and improving malware detection sustainability through app evolution studies
Learning-based classification dominates malware detectors for Android. However, due to the evolution of the Android ecosystem, existing such techniques are limited by their reliance on new malware samples, which may not be timely available, and constant retraining, which are often costly. A practical detector needs not only to be accurate on particular datasets but, more critically, to be able to sustain its capabilities over time without frequent retraining. We propose and study the sustainability problem for learning-based app classifiers. We define sustainability metrics and compare them among five state-of-the-art malware detectors. We further developed DroidSpan, a novel classification system based on a new behavioral profile that capture sensitive access distribution. We evaluated the sustainability of DroidSpan versus the five detectors on longitudinal datasets across eight years, which include 13,627 benign apps and 12,755 malware. We showed that DroidSpan significantly outperformed these baselines in sustainability at reasonable costs, by 6–32% for same-period detection and 21–37% for over-time detection. The main takeaway, which also explains the superiority of DroidSpan, is that the use of features consistently differentiating malware from benign apps over time is essential for sustainable learning-based malware detection, and that these features can be learned from app evolution studies.
Wed 11 Nov Times are displayed in time zone: (UTC) Coordinated Universal Time change
01:30 - 02:00: MobilePaper Presentations / Journal First / Tool Demos / Research Papers at Virtual room 1 | |||
| 01:30 - 01:32 Talk | Automated Construction of Energy Test Oracles for Android Research Papers Reyhaneh JabbarvandUniversity of Illinois, Urbana-Champain, Forough MehralianUniversity of California at Irvine, USA, Sam MalekUniversity of California at Irvine, USA DOI Pre-print | ||
| 01:33 - 01:34 Talk | Assessing and improving malware detection sustainability through app evolution studies Journal First Haipeng CaiWashington State University, USA | ||
| 01:35 - 01:36 Talk | MutAPK 2.0: A Tool for Reducing Mutation Testing Effort of Android Apps Tool Demos Camilo Escobar-VelásquezUniversidad de los Andes, Diego RiverosUniversity of Los Andes, Colombia, Mario Linares-VásquezUniversidad de los Andes DOI Pre-print | ||
| 01:37 - 01:38 Talk | UIScreens: Extracting User Interface Screens from Mobile Programming Video Tutorials Tool Demos Mohammad AlahmadiFlorida State University, Ahmad TayebFlorida State University, USA, Abdulkarim KhormiFlorida State University, USA - Jazan University, KSA, Esteban ParraFlorida State University, Sonia HaiducFlorida State University DOI | ||
| 01:39 - 01:40 Talk | Where2Change: Change Request Localization for App Reviews Journal First | ||
| 01:41 - 02:00 Talk | Conversations on Mobile 1 Paper Presentations Camilo Escobar-VelásquezUniversidad de los Andes, Haipeng CaiWashington State University, USA, Jieshan ChenAustralian National University, Australia, Reyhaneh JabbarvandUniversity of Illinois, Urbana-Champain, Tao ZhangMacau University of Science and Technology (MUST), M: Yixue ZhaoUniversity of Southern California, USA | ||
