Poking the bear: lessons learned from probing three Android malware datasets

To counter the continuous threat posed by Android malware, we set out to devise a novel detection method based on active learning. Evaluating this method on three different Android malware datasets, however, produced inconsistent performance across the datasets. To explain these inconsistencies, we formulated research questions and designed experiments to answer them. The results of our experiments unveiled the reasons behind our method's struggles and, more importantly, revealed limitations in current Android malware detection methods that, we fear, malware authors can leverage to evade detection. In this paper, we share our research questions, experiments, and findings with the research community to encourage researchers to devise methods that address these limitations.
