Can machine learning model with static features be fooled: an adversarial machine learning approach
Rahim Taheri (1), Reza Javidan (1), Mohammad Shojafar (2), P. Vinod (2), Mauro Conti (2)

Received: 8 October 2019 / Revised: 22 February 2020 / Accepted: 1 March 2020

© Springer Science+Business Media, LLC, part of Springer Nature 2020
Abstract

The widespread adoption of smartphones dramatically increases the risk of attacks and the spread of mobile malware, especially on the Android platform. Machine learning-based solutions have already been used to supersede signature-based anti-malware systems. However, malware authors can leverage features from malicious and legitimate samples to estimate their statistical differences and create adversarial examples. Hence, to evaluate the vulnerability of machine learning algorithms in malware detection, we propose five different attack scenarios that perturb malicious applications (apps). Under such perturbations the classification algorithm fits the discriminant function inappropriately to the set of data points, eventually yielding a higher misclassification rate. Further, to distinguish adversarial examples from benign samples, we propose two defense mechanisms to counter the attacks. To validate our attacks and solutions, we test our model on three different benchmark datasets. We also test our methods using various classifier algorithms and compare them with the state-of-the-art data poisoning method based on the Jacobian matrix. Promising results show that the generated adversarial samples can evade detection with very high probability. Additionally, when the evasive variants generated by our attack models are used to harden the developed anti-malware system, the detection rate improves by up to 50% with the generative adversarial network (GAN) method.

Keywords: Adversarial machine learning · Android malware detection · Poison attacks · Generative adversarial network · Jacobian algorithm
Correspondence: Mohammad Shojafar ([email protected]; [email protected]). Co-authors: Rahim Taheri ([email protected]), Reza Javidan ([email protected]), P. Vinod ([email protected]), Mauro Conti ([email protected])

1 Computer Engineering and IT Department, Shiraz University of Technology, Shiraz, Iran

2 Department of Mathematics, University of Padua, Padua, Italy

1 Introduction

Nowadays Android applications are very popular on mobile platforms. Every Android application is distributed in the Jar-like APK format, an archive file that contains the Android manifest and the classes.dex file. Information about the structure of the app is held in the manifest file, and each part of it is responsible for certain actions. For instance, the requested permissions must be accepted by the user for the application to be installed successfully. The manifest file contains the list of hardware components and permissions required by the application. Furthermore, the manifest file holds environment settings that are needed to run the application. The compiled source code of each application is saved as the
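The introduction above describes the APK layout whose manifest supplies the static features a detector learns from, and the abstract describes perturbing malicious apps so that those features no longer match what the classifier learned. The following is an added example, not code from the paper or its authors, that ties the two together: it unpacks an APK-like archive, turns the manifest's declared permissions and hardware components into a binary feature vector, and then perturbs the manifest by adding declarations, which changes the feature vector without touching any code. Everything here is constructed for illustration: the manifest is plain XML (a real APK stores AndroidManifest.xml in the binary AXML encoding, so a real pipeline would need an AXML decoder such as the one in androguard), classes.dex is placeholder bytes, and the feature vocabulary is hypothetical; a real detector derives its vocabulary from training data.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

ANDROID_URI = "http://schemas.android.com/apk/res/android"
ANDROID_NAME = "{%s}name" % ANDROID_URI  # Clark notation for android:name

# Hypothetical feature vocabulary; a real detector derives it from training data.
PERMISSION_VOCAB = [
    "android.permission.INTERNET",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION",
]
HARDWARE_VOCAB = [
    "android.hardware.camera",
    "android.hardware.telephony",
]

# Constructed manifest of an SMS-stealing style sample. Plain XML here; a real
# APK stores this file in the binary AXML encoding.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sample">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-feature android:name="android.hardware.telephony"/>
  <application android:label="Sample">
    <activity android:name=".MainActivity"/>
  </application>
</manifest>
"""


def build_apk(manifest_xml):
    """Pack a minimal APK-like ZIP in memory (constructed input).
    The classes.dex entry is placeholder bytes, not real Dalvik bytecode."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", manifest_xml)
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 16)
    return buf.getvalue()


def extract_manifest_features(apk_bytes):
    """Return (permissions, hardware features) declared in the manifest."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        missing = {"AndroidManifest.xml", "classes.dex"} - set(z.namelist())
        if missing:
            raise ValueError("not an APK: missing %s" % sorted(missing))
        root = ET.fromstring(z.read("AndroidManifest.xml"))
    perms = {e.get(ANDROID_NAME) for e in root.iter("uses-permission")}
    feats = {e.get(ANDROID_NAME) for e in root.iter("uses-feature")}
    return perms, feats


def feature_vector(perms, feats):
    """Binary vector over the vocabulary: the classifier's static input."""
    return ([int(p in perms) for p in PERMISSION_VOCAB]
            + [int(f in feats) for f in HARDWARE_VOCAB])


def perturb_manifest(manifest_xml, extra_permissions=(), extra_features=()):
    """Add permission / hardware declarations without touching any code.
    A declared permission need not be exercised by the app, so behaviour is
    unchanged while the static feature vector moves. Duplicates are skipped."""
    ET.register_namespace("android", ANDROID_URI)
    root = ET.fromstring(manifest_xml.encode("utf-8"))
    present = {e.get(ANDROID_NAME) for e in root.iter("uses-permission")}
    present |= {e.get(ANDROID_NAME) for e in root.iter("uses-feature")}
    for tag, names in (("uses-permission", extra_permissions),
                       ("uses-feature", extra_features)):
        for name in names:
            if name not in present:
                el = ET.Element(tag)
                el.set(ANDROID_NAME, name)
                root.insert(0, el)
                present.add(name)
    return ET.tostring(root, encoding="unicode")


def hamming(a, b):
    """Number of feature bits that differ between two vectors."""
    return sum(x != y for x, y in zip(a, b))


if __name__ == "__main__":
    base = feature_vector(*extract_manifest_features(build_apk(SAMPLE_MANIFEST)))
    adv_xml = perturb_manifest(SAMPLE_MANIFEST,
                               ["android.permission.READ_CONTACTS"],
                               ["android.hardware.camera"])
    adv = feature_vector(*extract_manifest_features(build_apk(adv_xml)))
    print("original :", base)
    print("perturbed:", adv, "changed bits:", hamming(base, adv))
```

The perturbation only ever adds declarations: removing a permission the code actually uses would break the app at runtime, which is why additive changes are the cheap direction for an attacker and why a defender should not trust the presence of "benign-looking" permissions as evidence of benign intent.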