Android malware concept drift using system calls: Detection, characterization and challenges

Alejandro Guerra-Manzanares, Marcin Luckner, Hayretdin Bahsi

Research output: Journal Publication › Article › peer-review

24 Citations (Scopus)

Abstract

The majority of Android malware detection solutions have focused on achieving high performance on old and short snapshots of historical data, which makes them prone to lacking the generalization and adaptation capabilities needed to effectively discriminate new malware trends over an extended time span. These approaches analyze the phenomenon from a stationary point of view, neglecting malware evolution and its degenerative impact on detection models as new data emerge, the so-called concept drift. This research proposes a novel method to detect and effectively address concept drift in Android malware detection and demonstrates the results on a seven-year-long data set. The proposed solution manages to keep high-performance metrics over a long period of time and minimizes model retraining efforts by using data sets belonging to short periods. Different timestamps are evaluated in the experimental setup and their impact on the detection performance is compared. Additionally, the characterization of concept drift in Android malware is performed by leveraging the inner workings of the proposed solution. In this regard, the discriminatory properties of the important features are analyzed at various time horizons.

Original language: English
Article number: 117200
Journal: Expert Systems with Applications
Volume: 206
Publication status: Published - 15 Nov 2022
Externally published: Yes

Keywords

  • Android malware
  • Concept drift
  • Malware behavior
  • Malware characterization
  • Malware detection
  • Malware evolution
  • Mobile malware
  • System calls

ASJC Scopus subject areas

  • General Engineering
  • Computer Science Applications
  • Artificial Intelligence
