Malware detection at scale in the Android realm is often carried out using machine learning techniques. State-of-the-art approaches such as DREBIN and MaMaDroid are reported to yield high detection rates when assessed against well-known datasets. Unfortunately, such datasets may include a large portion of duplicated samples, which may bias recorded experimental results and insights. In this article, we perform extensive experiments to measure the performance gap that occurs when datasets are de-duplicated. Our experimental results reveal that duplication in published datasets has a limited impact on supervised malware classification models. This observation contrasts with the finding of Allamanis on the general case of machine learning bias for big code. Our experiments, however, show that sample duplication more substantially affects unsupervised learning models (e.g., malware family clustering). Nevertheless, we argue that our fellow researchers and practitioners should always take sample duplication into consideration when performing machine-learning-based (via either supervised or unsupervised learning) Android malware detections, no matter how significant the impact might be.

中文翻译：

---

基于机器学习的安卓恶意软件检测中样本重复的影响

Android 领域的大规模恶意软件检测通常使用机器学习技术进行。据报道，DREBIN 和 MaMaDroid 等最先进的方法在针对知名数据集进行评估时会产生高检测率。不幸的是，此类数据集可能包含大部分重复样本，这可能会使记录的实验结果和见解产生偏差。在本文中，我们进行了广泛的实验来衡量数据集被重复数据删除时出现的性能差距。我们的实验结果表明，已发布数据集中的重复对受监督的恶意软件分类模型的影响有限。这一观察结果与 Allamanis 对大代码机器学习偏差的一般情况的发现形成鲜明对比。然而，我们的实验，表明样本重复对无监督学习模型的影响更大（例如，恶意软件家族聚类）。尽管如此，我们认为我们的研究人员和从业人员在执行基于机器学习（通过监督或无监督学习）的 Android 恶意软件检测时应始终考虑样本重复，无论其影响可能有多大。