On the Resilience of Shallow Machine Learning Classification in Image-based Malware Detection
Casolare R.;Mercaldo F.;Santone A.;
2022-01-01
Abstract
Shallow machine learning is widely applied by researchers to detect (novel and unseen) malicious applications. Machine learning models are typically evaluated using malicious and trusted applications generated over a short period. In the real world, these models aim to identify malware that was not seen previously during the training phase. In this paper, we investigate how well machine learning-based malware detectors can actually detect malware in a real-world environment. By representing an Android application as an image, we evaluate the resilience of several popular supervised machine learning algorithms used in the current literature for the malware detection task. The experimental results demonstrate the poor resilience of the machine learning models used for malware detection.