Empirical evaluation of minority oversampling techniques in the context of Android malware detection

Bibliographic Details
Main Authors: SHAR, Lwin Khin, TA, Nguyen Binh Duong, LO, David
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2021
Online Access: https://ink.library.smu.edu.sg/sis_research/6852
https://ink.library.smu.edu.sg/context/sis_research/article/7855/viewcontent/Smote_2021.pdf
Institution: Singapore Management University
Description
Summary: In Android malware classification, the distribution of training data among classes is often imbalanced. This causes the learning algorithm to bias towards the dominant classes, resulting in misclassification of minority classes. One effective way to improve the performance of classifiers is the synthetic generation of minority instances. One pioneering technique in this area is the Synthetic Minority Oversampling Technique (SMOTE), and since its publication in 2002, several variants of SMOTE have been proposed and evaluated on various imbalanced datasets. However, these techniques have not been evaluated in the context of Android malware detection. Studies have shown that the performance of SMOTE and its variants can vary across different application domains. In this paper, we conduct a large-scale empirical evaluation of SMOTE and its variants on six different datasets that reflect six types of features commonly used in Android malware detection. The datasets are extracted from a benchmark of 4,572 benign apps and 2,399 malicious Android apps, used in our previous study. Through extensive experiments, we set a new baseline in the field of Android malware detection, and provide guidance to practitioners on the application of different SMOTE variants to Android malware detection.