DOI: 10.1145/2818000.2818038

Experimental Study with Real-world Data for Android App Security Analysis using Machine Learning

Published: 07 December 2015

Abstract

Although Machine Learning (ML) based approaches have shown promise for Android malware detection, a set of critical challenges remains unaddressed. Some of those challenges arise in relation to proper evaluation of the detection approach, while others are related to the design decisions of the approach itself. In this paper, we systematically study the impact of these challenges as a set of research questions (i.e., hypotheses). We design an experimentation framework in which we can reliably vary several parameters while evaluating ML-based Android malware detection approaches. The results from the experiments are then used to answer the research questions. We also demonstrate the impact of some of the challenges on some existing ML-based approaches. The large (market-scale) dataset of benign and malicious apps that we use in these experiments represents the real-world scale of Android app security analysis. We envision this study encouraging the practice of employing a better evaluation strategy and better designs in future ML-based approaches for Android malware detection.



Published In

ACSAC '15: Proceedings of the 31st Annual Computer Security Applications Conference
December 2015
489 pages
ISBN:9781450336826
DOI:10.1145/2818000

In-Cooperation

  • ACSA: Applied Computing Security Assoc

Publisher

Association for Computing Machinery

New York, NY, United States


Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

ACSAC 2015

Acceptance Rates

Overall Acceptance Rate 104 of 497 submissions, 21%
