In this paper, we propose two defense methods against adversarial attacks on a malware detection system for mobile multimedia applications in IoT environments. They are Robust-NN and a combination of a convolutional neural network and 1-nearest neighbors (C4N), both of which modify training data that has been poisoned by an adversarial attack. As a result, the trained machine learning model remains accurate, and if a malicious program is introduced by any IoT device, the model raises the necessary alerts. We explain the attack method used and the algorithms proposed to defend against it. To evaluate the suitability of the proposed defense methods, we run experiments on the Drebin, Contagio and Genome datasets, which include benign and malware Android apps. To confirm the effectiveness of the suggested defense algorithms, we compare their performance with two state-of-the-art defense algorithms used to detect adversarial samples, namely e2SAD and EAT. The experiments are performed on two types of features, API and Permission, from these datasets. The results confirm that the accuracy rates of the classification algorithms decrease to 40% after the attack in some cases (on the Drebin dataset with API feature sets). The accuracy rates then increase to 94.94% and 96.03% when Robust-NN and C4N are applied, respectively, which makes them comparable with existing cutting-edge defense algorithms. The adversarial attack also increases the false positive rate (FPR) to 45.81%, which is reduced to 4.84% and 4.15% using Robust-NN and C4N, respectively. Consequently, the proposed methods are robust against adversarial attacks.
- Adversarial malware detection
- Deep learning
- IoT Environment
- IoT malware detection
- Perturbing training set