Computer science
Malware
Detector
Android (operating system)
Obfuscation
Concept drift
Robustness (evolution)
Machine learning
Artificial intelligence
Source code
Mobile device
Data mining
Computer engineering
Computer security
Operating system
Telecommunications
Biochemistry
Chemistry
Data stream mining
Gene
Authors
Cuiying Gao,Guangtao Huang,Heng Li,Bihu Wu,Yueming Wu,Wei Yuan
Identifier
DOI:10.1145/3597503.3623320
Abstract
Recent years have witnessed the proliferation of learning-based Android malware detectors. These detectors can be categorized into three types: String-based, Image-based and Graph-based. Most of them have achieved good detection performance under the ideal setting. In reality, however, detectors often face out-of-distribution samples due to factors such as code obfuscation, concept drift (e.g., software development technique evolution and new malware category emergence), and adversarial examples (AEs). This problem has attracted increasing attention, but there is a lack of comparative studies that evaluate the existing various types of detectors under these challenging environments. In order to fill this gap, we select 12 representative detectors from the three types of detectors, and evaluate them in challenging scenarios involving code obfuscation, concept drift and AEs, respectively. Experimental results reveal that none of the evaluated detectors can maintain their ideal-setting detection performance, and the performance of different types of detectors varies significantly under various challenging environments. We identify several factors contributing to the performance deterioration of detectors, including the limitations of feature extraction methods and learning models. We also analyze the reasons why the detectors of different types show significant performance differences when facing code obfuscation, concept drift and AEs. Finally, we provide practical suggestions from the perspectives of users and researchers, respectively. We hope our work can help understand the detectors of different types, and provide guidance for enhancing their performance and robustness.