Longitudinal performance analysis of machine learning based Android malware detectors
This paper presents a longitudinal study of the performance of machine learning classifiers for Android malware detection. The study is undertaken using features extracted from Android applications first seen between 2012 and 2016. The aim is to investigate the extent of performance decay over time for various machine learning classifiers trained with static features extracted from date-labelled benign and malware application sets. Using date-labelled apps allows for true mimicking of zero-day testing, thus providing a more realistic view of performance than the conventional methods of evaluation that do not take date of appearance into account. In this study, all the investigated machine learning classifiers showed progressive diminishing performance when tested on sets of samples from a later time period. Overall, it was found that false positive rate (misclassifying benign samples as malicious) increased more substantially compared to the fall in True Positive rate (correct classification of malicious apps) when older models were tested on newer app samples.
Citation : Yerima, S. and Khan, S. (2019) Longitudinal performance analysis of machine learning based Android malware detectors. International Conference on Cyber Security and Protection of Digital Services (Cyber Security 2019), Oxford, UK, June 3-4, 2019.
Research Institute : Cyber Technology Institute (CTI)
Peer Reviewed : Yes