Skip to main content
SpringerLink
Log in
SpringerLink
Log in

An Adversarial Machine Learning Model Against Android Malware Evasion Attacks

  • Conference paper
  • First Online:
Web and Big Data (APWeb-WAIM 2017)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 10612))

Abstract

With explosive growth of Android malware and due to its damage to smart phone users, the detection of Android malware is one of the cybersecurity topics that are of great interests. To protect legitimate users from the evolving Android malware attacks, systems using machine learning techniques have been successfully deployed and offer unparalleled flexibility in automatic Android malware detection. Unfortunately, as machine learning based classifiers become more widely deployed, the incentive for defeating them increases. In this paper, we explore the security of machine learning in Android malware detection on the basis of a learning-based classifier with the input of Application Programming Interface (API) calls extracted from the smali files. In particular, we consider different levels of the attackers’ capability and present a set of corresponding evasion attacks to thoroughly assess the security of the classifier. To effectively counter these evasion attacks, we then propose a robust secure-learning paradigm and show that it can improve system security against a wide class of evasion attacks. The proposed model can also be readily applied to other security tasks, such as anti-spam and fraud detection.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Android: iOS combine for 91 percent of market. http://www.cnet.com

  2. APKTool. http://ibotpeaches.github.io/Apktool/

  3. Barreno, M., Nelson, B., Sears, R., Joseph, A.D., Tygar, J.D.: Can machine learning be secure? In: ASIACCS (2006)

    Google Scholar 

  4. Biggio, B., Fumera, G., Roli, F.: Evade hard multiple classifier systems. In: Okun, O., Valentini, G. (eds.) Applications of Supervised and Unsupervised Ensemble Methods. Studies in Computational Intelligence, pp. 15–38. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03999-7_2

    Chapter  Google Scholar 

  5. Biggio, B., Fumera, G., Roli, F.: Security evaluation of pattern classifiers under attack. IEEE TKDE 26(4), 984–996 (2014)

    Google Scholar 

  6. Bruckner, M., Kanzow, C., Scheffer, T.: Static prediction games for adversarial learning problems. JMLR 13, 2617–2654 (2012)

    MATH  MathSciNet  Google Scholar 

  7. Debarr, D., Sun, H., Wechsler, H.: Adversarial spam detection using the randomized hough transform-support vector machine. In: ICMLA 2013, pp. 299–304 (2013)

    Google Scholar 

  8. Dex. http://www.openthefile.net/extension/dex

  9. Felt, A.P., Finifter, M., Chin, E., Hanna, S., Wagner, D.: A survey of mobile malware in the wild. In: SPSM (2011)

    Google Scholar 

  10. Haghtalab, N., Fang, F., Nguyen, T.H., Sinha, A., Procaccia, A.D., Tambe, M.: Three strategies to success: learning adversary models in security games. In: IJCAI (2016)

    Google Scholar 

  11. Hou, S., Saas, A., Chen, L., Ye, Y.: Deep4MalDroid: a deep learning framework for android malware detection based on linux kernel system call graphs. In: WIW (2016)

    Google Scholar 

  12. Hou, S., Saas, A., Ye, Y., Chen, L.: DroidDelver: an android malware detection system using deep belief network based on API call blocks. In: Song, S., Tong, Y. (eds.) WAIM 2016. LNCS, vol. 9998, pp. 54–66. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-47121-1_5

    Chapter  Google Scholar 

  13. IDC. http://www.idc.com/getdoc.jsp?containerId=prUS25500515

  14. Kolcz, A., Teo, C.H.: Feature weighting for improved classifier robustness. In: CEAS 2009 (2009)

    Google Scholar 

  15. Li, B., Vorobeychik, Y., Chen, X.: A general retraining framework for adversarial classification. In: NIPS 2016 (2016)

    Google Scholar 

  16. Lowd, D., Meek, C.: Adversarial learning. In: KDD, pp. 641–647 (2005)

    Google Scholar 

  17. Peng, H., Long, F., Ding, C.: Feature selection based on mutual information: criteria of max-dependency, max-relevance, and min-redundancy. IEEE Trans. Pattern Anal. Mach. Intell. 27(8), 1226–1238 (2005)

    Article  Google Scholar 

  18. Roli, F., Biggio, B., Fumera, G.: Pattern recognition systems under attack. In: Ruiz-Shulcloper, J., Sanniti di Baja, G. (eds.) CIARP 2013. LNCS, vol. 8258, pp. 1–8. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-41822-8_1

    Chapter  Google Scholar 

  19. Ĺ rndic, N., Laskov, P.: Practical evasion of a learning-based classifier: a case study. In: SP (2014)

    Google Scholar 

  20. Wang, F., Liu, W., Chawla, S.: On sparse feature attacks in adversarial learning. In: ICDM 2014 (2014)

    Google Scholar 

  21. Wood, P.: Internet Security Threat Report 2015. Symantec, California (2015)

    Google Scholar 

  22. Woodbury, M.A.: Inverting modified matrices. Statistical Research Group, Princeton University, Princeton, NJ (1950)

    Google Scholar 

  23. Wu, D., Mao, C., Wei, T., Lee, H., Wu, K.: DroidMat: android malware detection through manifest and API calls tracing. In: Asia JCIS (2012)

    Google Scholar 

  24. Wu, W., Hung, S.: DroidDolphin: a dynamic Android malware detection framework using big data and machine learning. In: RACS (2014)

    Google Scholar 

  25. Xu, J., Yu, Y., Chen, Z., Cao, B., Dong, W., Guo, Y., Cao, J.: MobSafe: cloud computing based forensic analysis for massive mobile applications using data mining. Tsinghua Sci. Technol. 18, 418–427 (2013)

    Article  Google Scholar 

  26. Yang, C., Xu, Z., Gu, G., Yegneswaran, V., Porras, P.: DroidMiner: automated mining and characterization of fine-grained malicious behaviors in android applications. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8712, pp. 163–182. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11203-9_10

    Google Scholar 

  27. Ye, Y., Li, D., Li, T., Ye, D.: IMDS: intelligent malware detection system. In: KDD 2007 (2007)

    Google Scholar 

  28. Ye, Y., Li, T., Zhu, S., Zhuang, W., Tas, E., Gupta, U., Abdulhayoglu, M.: Combining file content and file relations for cloud based malware detection. In: KDD 2011, pp. 222–230 (2011)

    Google Scholar 

  29. Yuan, Z., Lu, Y., Wang, Z., Xue, Y.: Droid-Sec: deep learning in android malware detection. In: SIGCOMM (2014)

    Google Scholar 

  30. Zhang, F., Chan, P.P.K., Biggio, B., Yeung, D.S., Roli, F.: Adversarial feature selection against evasion attacks. IEEE Trans. Cybern. 46(3), 766–777 (2015)

    Article  Google Scholar 

Download references

Acknowledgments

The authors would also like to thank the experts of Comodo Security Lab for the data collection and helpful discussions. The work is partially supported by the U.S. National Science Foundation under grant CNS-1618629 and Chinese NSF grant 61672157.

Author information

Authors and Affiliations

  1. Department of Computer Science and Electrical Engineering, West Virginia University, Morgantown, WV, 26506, USA

    Lingwei Chen, Shifu Hou & Yanfang Ye

  2. School of Mathematics and Computer Science, Fujian Normal University, Fuzhou, 350117, Fujian, China

    Lifei Chen

Authors
  1. Lingwei Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Shifu Hou
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Yanfang Ye
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Lifei Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yanfang Ye .

Editor information

Editors and Affiliations

  1. Tsinghua University, Beijing, China

    Shaoxu Song

  2. George Mason University, Fairfax, Virginia, USA

    Matthias Renz

  3. Kangwon National University, Chuncheon, Korea (Republic of)

    Yang-Sae Moon

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Chen, L., Hou, S., Ye, Y., Chen, L. (2017). An Adversarial Machine Learning Model Against Android Malware Evasion Attacks. In: Song, S., Renz, M., Moon, YS. (eds) Web and Big Data. APWeb-WAIM 2017. Lecture Notes in Computer Science(), vol 10612. Springer, Cham. https://doi.org/10.1007/978-3-319-69781-9_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-69781-9_5

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-69780-2

  • Online ISBN: 978-3-319-69781-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation