Differences in Android Behavior between Real Device and Emulator: A Malware Detection Perspective

Alejandro Guerra-Manzanares, Hayretdin Bahsi, Sven Nomm

Research output: Chapter in Book/Conference proceedingConference contributionpeer-review

11 Citations (Scopus)

Abstract

Behavioral data extracted from emulators or real devices, such as system calls, are utilized in research studies where machine learning models have been employed for mobile malware detection. However, these studies do not explore whether the selection of data source may have an impact on the performance of the models, assuming that both data sources generate similar outputs. We provide a comparative analysis of the data sets obtained from both sources by using statistical techniques, inducing learning models and demonstrating the impact of data source selection on detection models' performance. Our study shows that emulators generate more distinguishable data than real devices, meaning that designers of detection models should pay attention to the data sources utilized in the various steps of the machine learning workflow.

Original languageEnglish
Title of host publication2019 6th International Conference on Internet of Things
Subtitle of host publicationSystems, Management and Security, IOTSMS 2019
EditorsMohammad Alsmirat, Yaser Jararweh
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages399-404
Number of pages6
ISBN (Electronic)9781728129495
DOIs
Publication statusPublished - Oct 2019
Externally publishedYes
Event6th International Conference on Internet of Things: Systems, Management and Security, IOTSMS 2019 - Granada, Spain
Duration: 22 Oct 201925 Oct 2019

Publication series

Name2019 6th International Conference on Internet of Things: Systems, Management and Security, IOTSMS 2019

Conference

Conference6th International Conference on Internet of Things: Systems, Management and Security, IOTSMS 2019
Country/TerritorySpain
CityGranada
Period22/10/1925/10/19

Keywords

  • android malware
  • dynamic analysis
  • machine learning
  • mobile malware detection
  • system call

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'Differences in Android Behavior between Real Device and Emulator: A Malware Detection Perspective'. Together they form a unique fingerprint.

Cite this