liu.seSearch for publications in DiVA
EnglishSvenskaNorsk
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Comment on "AndrODet: An adaptive Android obfuscation detector"
Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering. (Security and Networks Group)ORCID iD: 0000-0003-3233-8922
Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
2020 (English)Other (Other academic)
Abstract [en]

We have identified a methodological problem in the empirical evaluation of the string encryption detection capabilities of the AndrODet system described by Mirzaei et al. in the recent paper "AndrODet: An adaptive Android obfuscation detector". The accuracy of string encryption detection is evaluated using samples from the AMD and PraGuard malware datasets. However, the authors failed to account for the fact that many of the AMD samples are highly similar due to the fact that they come from the same malware family. This introduces a risk that a machine learning system trained on these samples could fail to learn a generalizable model for string encryption detection, and might instead learn to classify samples based on characteristics of each malware family. Our own evaluation strongly indicates that the reported high accuracy of AndrODet's string encryption detection is indeed due to this phenomenon. When we evaluated AndrODet, we found that when we ensured that samples from the same family never appeared in both training and testing data, the accuracy dropped to around 50%. Moreover, the PraGuard dataset is not suitable for evaluating a static string encryption detector such as AndrODet, since the particular obfuscation tool used to produce the dataset effectively makes it impossible to extract meaningful features of static strings in Android apps.
Place, publisher, year, pages
2020.
Series
arXiv.org ; 1910.06192v2
Keywords [en]
AndrODet, Android, Malware, Obfuscation, String encryption, Machine learning
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:liu:diva-167212OAI: oai:DiVA.org:liu-167212DiVA, id: diva2:1448829
Projects
Automated android malware analysis using machine learningAvailable from: 2020-06-29 Created: 2020-06-29 Last updated: 2020-06-29

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full text

Authority records

Kargén, UlfShahmehri, Nahid

Search in DiVA

By author/editor
Mohammadinodooshan, AlirezaKargén, UlfShahmehri, Nahid
By organisation
Database and information techniquesFaculty of Science & Engineering
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar

urn-nbn

Altmetric score

urn-nbn
Total: 153 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
v. 2.47.0
|
Accessibility
|
DiVA portal
|
DiVA Log in
|
Contact us
|
LiU University Library
|
SwePub
|
Uppsök