Empirical evaluation of minority oversampling techniques in the context of Android malware detection
Publication Type
Conference Proceeding Article
Version
acceptedVersion
Publication Date
12-2021
Abstract
In Android malware classification, the distribution of training data among classes is often imbalanced. This causes the learning algorithm to bias towards the dominant classes, resulting in mis-classification of minority classes. One effective way to improve the performance of classifiers is the synthetic generation of minority instances. One pioneer technique in this area is Synthetic Minority Oversampling Technique (SMOTE) and since its publication in 2002, several variants of SMOTE have been proposed and evaluated on various imbalanced datasets. However, these techniques have not been evaluated in the context of Android malware detection. Studies have shown that the performance of SMOTE and its variants can vary across different application domains. In this paper, we conduct a large scale empirical evaluation of SMOTE and its variants on six different datasets that reflect six types of features commonly used in Android malware detection. The datasets are extracted from a benchmark of 4,572 benign apps and 2,399 malicious Android apps, used in our previous study. Through extensive experiments, we set a new baseline in the field of Android malware detection, and provide guidance to practitioners on the application of different SMOTE variants to Android malware detection.
Keywords
Malware detection, Oversampling, Imbalanced learning, SMOTE, SMOTE variants, Android malware
Discipline
Databases and Information Systems | Software Engineering
Research Areas
Software and Cyber-Physical Systems
Publication
2021 28th Asia-Pacific Software Engineering Conference (APSEC): Taiwan, December 6-9: Proceedings
First Page
349
Last Page
359
ISBN
9781665437844
Identifier
10.1109/APSEC53868.2021.00042
Publisher
IEEE Computer Society
City or Country
Los Alamitos, CA
Citation
SHAR, Lwin Khin; TA, Nguyen Binh Duong; and LO, David.
Empirical evaluation of minority oversampling techniques in the context of Android malware detection. (2021). 2021 28th Asia-Pacific Software Engineering Conference (APSEC): Taiwan, December 6-9: Proceedings. 349-359.
Available at: https://ink.library.smu.edu.sg/sis_research/6852
Copyright Owner and License
Authors
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1109/APSEC53868.2021.00042