Abstract
With the explosive growth of Android malware and the damage it causes to smart phone users, the detection of Android malware is one of the cybersecurity topics of great interest. To protect legitimate users from evolving Android malware attacks, systems using machine learning techniques have been successfully deployed and offer unparalleled flexibility in automatic Android malware detection. Unfortunately, as machine learning based classifiers become more widely deployed, the incentive for defeating them increases. In this paper, we explore the security of machine learning in Android malware detection on the basis of a learning-based classifier that takes as input the Application Programming Interface (API) calls extracted from smali files. In particular, we consider different levels of the attackers’ capability and present a set of corresponding evasion attacks to thoroughly assess the security of the classifier. To effectively counter these evasion attacks, we then propose a robust secure-learning paradigm and show that it can improve system security against a wide class of evasion attacks. The proposed model can also be readily applied to other security tasks, such as anti-spam and fraud detection.
Acknowledgments
The authors would also like to thank the experts of Comodo Security Lab for the data collection and helpful discussions. The work is partially supported by the U.S. National Science Foundation under grant CNS-1618629 and Chinese NSF grant 61672157.
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Chen, L., Hou, S., Ye, Y., Chen, L. (2017). An Adversarial Machine Learning Model Against Android Malware Evasion Attacks. In: Song, S., Renz, M., Moon, YS. (eds) Web and Big Data. APWeb-WAIM 2017. Lecture Notes in Computer Science, vol 10612. Springer, Cham. https://doi.org/10.1007/978-3-319-69781-9_5
DOI: https://doi.org/10.1007/978-3-319-69781-9_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-69780-2
Online ISBN: 978-3-319-69781-9
eBook Packages: Computer Science, Computer Science (R0)