Evaluating Automatic Malware Classifiers in the Absence of Reference Labels
| dc.contributor.advisor | Nicholas, Charles | |
| dc.contributor.author | Joyce, Robert j | |
| dc.contributor.department | Computer Science and Electrical Engineering | |
| dc.contributor.program | Computer Science | |
| dc.date.accessioned | 2021-09-01T13:55:38Z | |
| dc.date.available | 2021-09-01T13:55:38Z | |
| dc.date.issued | 2020-01-01 | |
| dc.description.abstract | The malware analysis community is completely devoid of a diverse, up to date reference dataset with ground truth labels. Consequentially, it is typical for automatic malware classifiers to be evaluated using custom datasets with near ground truth labels. However, classifier evaluation using near ground truth labels can yield erroneous or biased results. We propose an alternative classifier evaluation framework that does not require reference labels. We introduce the concept of a ground truth refinement and propose potential methods for constructing an approximation of one from a malware dataset. We prove that using a ground truth refinement it is possible to compute lower bounds on precision and error rate as well as upper bounds on recall and accuracy without requiring ground truth reference labels. We perform a case study on the popular AVClass malware labeler using our proposed evaluation framework. | |
| dc.format | application:pdf | |
| dc.genre | theses | |
| dc.identifier | doi:10.13016/m2xtjd-7oqz | |
| dc.identifier.other | 12166 | |
| dc.identifier.uri | http://hdl.handle.net/11603/22879 | |
| dc.language | en | |
| dc.relation.isAvailableAt | The University of Maryland, Baltimore County (UMBC) | |
| dc.relation.ispartof | UMBC Computer Science and Electrical Engineering Department Collection | |
| dc.relation.ispartof | UMBC Theses and Dissertations Collection | |
| dc.relation.ispartof | UMBC Graduate School Collection | |
| dc.relation.ispartof | UMBC Student Collection | |
| dc.source | Original File Name: Joyce_umbc_0434M_12166.pdf | |
| dc.subject | Classifier Evaluation | |
| dc.subject | Data Science | |
| dc.subject | Malware Analysis | |
| dc.subject | Malware Classification | |
| dc.title | Evaluating Automatic Malware Classifiers in the Absence of Reference Labels | |
| dc.type | Text | |
| dcterms.accessRights | Access limited to the UMBC community. Item may possibly be obtained via Interlibrary Loan thorugh a local library, pending author/copyright holder's permission. | |
| dcterms.accessRights | This item may be protected under Title 17 of the U.S. Copyright Law. It is made available by UMBC for non-commercial research and education. For permission to publish or reproduce, please see http://aok.lib.umbc.edu/specoll/repro.php or contact Special Collections at speccoll(at)umbc.edu |
Files
Original bundle
1 - 1 of 1
No Thumbnail Available
- Name:
- Joyce_umbc_0434M_12166.pdf
- Size:
- 331.12 KB
- Format:
- Adobe Portable Document Format