Title: Revisiting Static Feature-Based Android Malware Detection
Authors: Md Tanvirul Alam, Dipkamal Bhusal, Nidhi Rastogi
DOI: arxiv-2409.07397 (https://doi.org/arxiv-2409.07397)
Journal: arXiv - CS - Cryptography and Security
Publication date: 2024-09-11
Publication type: Journal Article
Platform: Semanticscholar
Citations: 0

Abstract
The increasing reliance on machine learning (ML) in computer security,
particularly for malware classification, has driven significant advancements.
However, the replicability and reproducibility of these results are often
overlooked, leading to challenges in verifying research findings. This paper
highlights critical pitfalls that undermine the validity of ML research in
Android malware detection, focusing on dataset and methodological issues. We
comprehensively analyze Android malware detection using two datasets and assess
offline and continual learning settings with six widely used ML models. Our
study reveals that when properly tuned, simpler baseline methods can often
outperform more complex models. To address reproducibility challenges, we
propose solutions for improving datasets and methodological practices, enabling
fairer model comparisons. Additionally, we open-source our code to facilitate
malware analysis, making it extensible for new models and datasets. Our paper
aims to support future research in Android malware detection and other security
domains, enhancing the reliability and reproducibility of published results.