Reference : Guided Retraining to Enhance the Detection of Difficult Android Malware
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
http://hdl.handle.net/10993/55861
Guided Retraining to Enhance the Detection of Difficult Android Malware
English
Daoudi, Nadia mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX >]
Allix, Kevin mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust]
Bissyande, Tegawendé François D Assise mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX >]
Klein, Jacques mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX >]
2023
32nd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2023)
Yes
No
International
32nd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2023)
from 17-07-2023 to 21-07-2023
Seattle
United States of America
[en] Android ; malware ; retraining ; difficult samples
[en] The popularity of Android OS has made it an appealing target for malware developers. To evade detection, including by ML-based techniques, attackers invest in creating malware that closely resemble legitimate apps, challenging the state of the art with difficult-to-detect samples. In this paper, we propose Guided Retraining, a supervised representation learning-based method for boosting the performance of malware detectors. To that end, we first split the experimental dataset into subsets of “easy” and “difficult” samples, where difficulty is associated to the prediction probabilities yielded by a malware detector. For the subset of “easy” samples, the base malware detector is used to make the final predictions since the error rate on that subset is low by construction. Our work targets the second subset containing “difficult” samples, for which the probabilities are such that the classifier is not confident on the predictions, which have high error rates. We apply our Guided Retraining method on these difficult samples to improve their classification. Guided Retraining leverages the correct predictions and the errors made by the base malware detector to guide the retraining process. Guided Retraining learns new embeddings of the difficult samples using Supervised Contrastive Learning and trains an auxiliary classifier for the final predictions. We validate our method on four state-of-the-art Android malware detection approaches using over 265k malware and benign apps. Experimental results show that Guided Retraining can boost state-of-the-art detectors by eliminating up to 45.19% of the prediction errors that they make on difficult samples. We note furthermore that our method is generic and designed to enhance the performance of binary classifiers for other tasks beyond Android malware detection.
University of Luxembourg - UL ; Luxembourg Ministry of Foreign and European Affairs ; Fonds National de la Recherche - FnR
Researchers
http://hdl.handle.net/10993/55861
10.1145/3597926.3598123
https://dl.acm.org/doi/abs/10.1145/3597926.3598123
FnR ; FNR16344458 > Jacques Klein > REPROCESS > Pre And Post Processing For Comprehensive And Practical Android App Static Analysis > 01/01/2022 > 31/12/2024 > 2021

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Open access
Guided_Retraining_preprint.pdfAuthor preprint1.86 MBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.