Malware Collusion Attack Against Machine Learning Based Methods: Issues and Countermeasures

  • Hongyi Chen
  • Jinshu SuEmail author
  • Linbo Qiao
  • Yi Zhang
  • Qin Xin
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11067)


Android has become the most popular platform for mobile devices, and also it has become a popular target for malware developers. At the same time, researchers have proposed a large number of methods, both static and dynamic analysis methods, to fight against malwares. Among these, Machine learning based methods are quite effective in Android malware detection, the accuracy of which can be up to 98%. Thus, malware developers have the incentives to develop more advanced malwares to evade detection. This paper presents an adversary attack pattern that will compromise current machine learning based malware detection methods. The malware developers can perform this attack easily by splitting malicious payload into two or more apps. The split apps will all be classified as benign by current methods. Thus, we proposed a method to deal with this issue. This approach, realized in a tool, called ColluDroid, can identify the collusion apps by analyzing the communication between apps. The evaluation results show that ColluDroid is effective in finding out the collusion apps. Also, we showed that it’s easy to split an app to evade detection. According to our split simulation, the evasion rate is 78%, when split into two apps; while the evasion rate comes to 94.8%, when split into three apps.


Android security Machine learning Collusion attack 


  1. 1.
    Arp, D., Spreitzenbarth, M.: DREBIN: effective and explainable detection of android malware in your pocket. NDSS 14, 23–26 (2014)Google Scholar
  2. 2.
    Boyabatli, O., Sabuncuoglu, I.: Parameter selection in genetic algorithms. J. Systemics Cybern. Inf. 4(2), 78 (2004)Google Scholar
  3. 3.
    Chen, L., Ye, Y.: SecMD: make machine learning more secure against adversarial malware attacks. In: Peng, W., Alahakoon, D., Li, X. (eds.) AI 2017. LNCS (LNAI), vol. 10400, pp. 76–89. Springer, Cham (2017). Scholar
  4. 4.
    Chin, E., Felt, A.P., Greenwood, K., Wagner, D.: Analyzing inter-application communication in Android. In: Proceedings of the 9th international Conference on Mobile Systems, Applications, and Services, pp. 239–252. ACM (2011)Google Scholar
  5. 5.
    Faruki, P., et al.: Android security: a survey of issues, malware penetration and defenses. IEEE Commun. Surv. Tutorials PP(99), 1 (2015)Google Scholar
  6. 6.
    Grosse, K., Papernot, N., Manoharan, P., et al.: Adversarial perturbations against deep neural networks for malware classification. arXiv, June 2016Google Scholar
  7. 7.
    Hastie, T., Tibshirani, R., Friedman, J.: The Elements of Statistical Learning: Data mining, Inference, and Prediction, vol. 2. Springer, New York (2001). Scholar
  8. 8.
    Hou, S., Ye, Y., Song, Y., Abdulhayoglu, M.: HinDroid: an intelligent android malware detection system based on structured heterogeneous information network. In: KDD 2017, pp. 1507–1515. ACM Press, New York (2017)Google Scholar
  9. 9.
    Lam, P., Bodden, E., Lhoták, O., Hendren, L.: The soot framework for Java program analysis: a retrospective. In: Cetus Users and Compiler Infastructure Workshop (CETUS 2011), vol. 15, p. 35 (2011)Google Scholar
  10. 10.
    Liang, Z., Liu, H., Qiao, L., Feng, Y., Chen, W.: Improving stereo matching by incorporating geometry prior into convnet. Electron. Lett. 53(17), 1194–1196 (2017)CrossRefGoogle Scholar
  11. 11.
    Lockheimer, H.: Android and security (2012).
  12. 12.
  13. 13.
    Octeau, D., Luchaup, D., Dering, M., et al.: Composite constant propagation: application to android inter-component communication analysis. In: Proceedings - International Conference on Software Engineering, vol. 1, pp. 77–88 (2015)Google Scholar
  14. 14.
    Qiao, L., Zhang, B., Lu, X., Su, J.: Adaptive linearized alternating direction method of multipliers for non-convex compositely regularized optimization problems. Tsinghua Sci. Technol. 22(3), 328–341 (2017)CrossRefGoogle Scholar
  15. 15.
    Roman, U., Fedor, S., Denis, P., Alexander, L.: It threat evolution q3 2017. statistics (2017).
  16. 16.
    Securelist: Mobile malware evolution: 2013 (2013).
  17. 17.
    Zhang, M., Duan, Y., Yin, H., Zhao, Z.: Semantics-aware android malware classification using weighted contextual API dependency graphs. In: CCS 2014, pp. 1105–1116 (2014)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Hongyi Chen
    • 1
  • Jinshu Su
    • 1
    Email author
  • Linbo Qiao
    • 1
  • Yi Zhang
    • 1
  • Qin Xin
    • 2
  1. 1.National Key Laboratory for Parallel and Distributed ProcessingNational University of Defense TechnologyChangshaChina
  2. 2.Faculty of Science and TechnologyUniversity of the Faroe IslandsTorshavnFaroe Islands

Personalised recommendations