Overview
Explore a conference talk from USENIX Security '19 that challenges the notion of Android malware classification as a solved problem. Delve into the concept of TESSERACT, a framework designed to eliminate experimental bias in malware classification across space and time. Learn about the pervasive sources of bias in current research, including "spatial bias" and "temporal bias," and understand their impact on published results. Discover a new set of constraints for experiment design that aim to produce more realistic and reliable outcomes. Examine a novel metric for assessing classifier robustness in real-world scenarios and an algorithm for performance tuning. Gain insights into evaluating mitigation strategies for time decay, such as active learning. Follow the speaker's implementation of these solutions in an open-source evaluation framework and its application to three Android malware classifiers using a dataset of 129,000 applications over three years. Uncover counterintuitive performance results and the potential for significant improvements through appropriate tuning techniques.
Syllabus
USENIX Security '19 - TESSERACT: Eliminating Experimental Bias in Malware Classification
Taught by
USENIX