The popularity of mobile devices, such as smartphones and tablets, hasgrown significantly in the past decade. Unfortunately, theirpopularity has also made them a profitable target for malware authors,leaving these devices often unprotected, as anti-virus vendors cannotalways provide updates for their products on time.To compensate for the weaknesses of current anti-virus scanners,researchers have proposed various methods for the detection of mobilemalware based on machine learning. These approaches have proven to becapable of deriving effective patterns to detect malwareautomatically. Most recently, however, it has been shown that thedetection performance of these methods decreases over time, aphenomenon referred to as "dataset shift" in machine learningtheory. While, for instance, the growing use of obfuscation techniquesin mobile applications explains parts of these observations, thecauses for dataset shift in this domain are mostly still unknown.In this project, we aim to gather a comprehensive understanding of thereasons behind dataset shift and how to alleviate its impact on thedetection performance of learning-based systems for mobile malwaredetection. To this end, we guide our research along the following twosteps: In the first step, we analyze the detection capabilities ofexisting approaches over time by adapting methods for interpretingmachine learning models. This way, we attempt to identify factors thatimpede the detection of mobile malware and are primarily responsiblefor the emergence of dataset shift. In the second step, we exploredifferent feature spaces to develop suitable methods for detectingmobile malware over time.

DFG Programme WBP Position