Towards sustainable Android malware detection

• Published in: Proceedings of the 40th International Conference on Software Engineering: Companion Proceeedings pp. 350 - 351
• Main Authors: Cai, Haipeng, Jenkins, John
• Format: Conference Proceeding
• Language: English
• Published: New York, NY, USA ACM 27.05.2018
• Series: ACM Conferences
• ISBN: 9781450356633; 145035663X
• DOI: 10.1145/3183440.3195004

Approaches to Android malware detection built on supervised learning are commonly subject to frequent retraining, or the trained classifier may fail to detect newly emerged or emerging kinds of malware. This work targets a sustainable Android malware detector that, once trained on a dataset, can continue to effectively detect new malware without retraining. To that end, we investigate how the behaviors of benign and malicious apps evolve over time, and identify the most consistently discriminating behavioral traits of benign apps from malware. Our preliminary results reveal a promising prospect of this approach. On a benchmark set across seven years, our approach achieved highly competitive detection accuracy that sustained up to five years, outperforming the state of the art which sustained up to two years.