Explaining Black-box Android Malware Detection

03/09/2018
by   Marco Melis, et al.
0

Machine-learning models have been recently used for detecting malicious Android applications, reporting impressive performances on benchmark datasets, even when trained only on features statically extracted from the application, such as system calls and permissions. However, recent findings have highlighted the fragility of such in-vitro evaluations with benchmark datasets, showing that very few changes to the content of Android malware may suffice to evade detection. How can we thus trust that a malware detector performing well on benchmark data will continue to do so when deployed in an operating environment? To mitigate this issue, the most popular Android malware detectors use linear, explainable machine-learning models to easily identify the most influential features contributing to each decision. In this work, we generalize this approach to any black-box machine- learning model, by leveraging a gradient-based approach to identify the most influential local features. This enables using nonlinear models to potentially increase accuracy without sacrificing interpretability of decisions. Our approach also highlights the global characteristics learned by the model to discriminate between benign and malware applications. Finally, as shown by our empirical analysis on a popular Android malware detection task, it also helps identifying potential vulnerabilities of linear and nonlinear models against adversarial manipulations.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
01/30/2023

A Comprehensive Investigation of Feature and Model Importance in Android Malware Detection

The popularity and relative openness of Android means it is a popular ta...
research
05/04/2020

Do Gradient-based Explanations Tell Anything About Adversarial Robustness to Android Malware?

Machine-learning algorithms trained on features extracted from static co...
research
01/11/2019

Explaining Vulnerabilities of Deep Learning to Adversarial Malware Binaries

Recent work has shown that deep-learning algorithms for malware detectio...
research
11/06/2021

"How Does It Detect A Malicious App?" Explaining the Predictions of AI-based Android Malware Detector

AI methods have been proven to yield impressive performance on Android m...
research
12/05/2016

N-gram Opcode Analysis for Android Malware Detection

Android malware has been on the rise in recent years due to the increasi...
research
05/24/2018

R-PackDroid: Practical On-Device Detection of Android Ransomware

Ransomware constitutes a major threat for the Android operating system. ...
research
04/12/2022

Malceiver: Perceiver with Hierarchical and Multi-modal Features for Android Malware Detection

We propose the Malceiver, a hierarchical Perceiver model for Android mal...

Please sign up or login with your details

Forgot password? Click here to reset