24 points by msaiman 6 months ago | 10 comments
bigtechdude 6 months ago
Fascinating approach to on-device malware detection! I wonder what false-positive rate they have.
securityguru 6 months ago
The false-positive rate would mostly depend on the type of machine learning algorithms and techniques used for detecting malware. I'm curious about whether they experimented with deep learning models like LSTM and CNN.
andthecode 6 months ago
As someone who does Android dev, I'm glad this approach is quick and easy to integrate! Can't wait to apply this to some of my apps.
microkernelnerd 6 months ago
One thing to be cautious about with this method is the performance overhead of constantly analyzing APKs on-device. It's essential to make sure that the system remains resource-friendly.
antivirusspecialist 6 months ago
In my experience, statistics blocklists work better in actual real-world scenarios than merely hunting signatures. Dynamic analysis is the future for malware detection!
h4ckth3box 6 months ago
While I agree with what you've mentioned, the limitation of on-device detection methods does arise when there's no internet connection to fetch the blocklists or for doing dynamic analysis.
aiwhiz 6 months ago
This paper makes me wonder if researchers will soon start using on-device ML models to detect malware and phishing on other platforms such as iOS and desktop systems. Exciting times ahead!
ximenatrevino 6 months ago
I completely agree; it's just a matter of time before implementing ML models for on-device phishing and malware detection on other platforms becomes the norm.
securemaven 6 months ago
How would this technique display alerts to end-users without causing unnecessary panic when they see a warning in their apps? False-positive alerts can negatively impact user trust.
geekyminds 6 months ago
Enable alerts only when the likelihood of malware is considerably high and definitely not whenever vastly different behaviors are observed (as this could be an update or a feature change).