Longitudinal performance analysis of machine learning based Android malware detectors

Date

2019-06

Type

Conference

Peer reviewed

Yes

Abstract

This paper presents a longitudinal study of the performance of machine learning classifiers for Android malware detection. The study is undertaken using features extracted from Android applications first seen between 2012 and 2016. The aim is to investigate the extent of performance decay over time for various machine learning classifiers trained with static features extracted from date-labelled benign and malware application sets. Using date-labelled apps allows for true mimicking of zero-day testing, thus providing a more realistic view of performance than conventional evaluation methods that do not take date of appearance into account. In this study, all the investigated machine learning classifiers showed progressively diminishing performance when tested on sets of samples from a later time period. Overall, it was found that the false positive rate (misclassifying benign samples as malicious) increased more substantially than the true positive rate (correct classification of malicious apps) fell when older models were tested on newer app samples.

Keywords

Android malware detection, Longitudinal performance analysis, Static analysis, Machine learning, Android security

Citation

Yerima, S. and Khan, S. (2019) Longitudinal performance analysis of machine learning based Android malware detectors. International Conference on Cyber Security and Protection of Digital Services (Cyber Security 2019), Oxford, UK, June 3-4, 2019.
