TY - JOUR
T1 - Can machine learning model with static features be fooled: an adversarial machine learning approach
AU - Taheri, Rahim
AU - Javidan, Reza
AU - Shojafar, Mohammad
AU - Vinod, P.
AU - Conti, Mauro
N1 - Funding Information:
Mauro Conti and Mohammad Shojafar are supported by Marie Curie Fellowships funded by the European Commission (Agreement PCIG11-GA-2012-321980) and (Agreement MSCA-IF-GF-2019-839255), respectively.
Publisher Copyright:
© 2020, Springer Science+Business Media, LLC, part of Springer Nature.
PY - 2020/12/1
Y1 - 2020/12/1
AB - The widespread adoption of smartphones dramatically increases the risk of attacks and the spread of mobile malware, especially on the Android platform. Machine learning-based solutions have already been used to supersede signature-based anti-malware systems. However, malware authors leverage features from malicious and legitimate samples to estimate statistical differences in order to create adversarial examples. Hence, to evaluate the vulnerability of machine learning algorithms in malware detection, we propose five different attack scenarios to perturb malicious applications (apps). By doing this, the classification algorithm inappropriately fits the discriminant function on the set of data points, eventually yielding a higher misclassification rate. Further, to distinguish adversarial examples from benign samples, we propose two defense mechanisms to counter the attacks. To validate our attacks and solutions, we test our model on three different benchmark datasets. We also test our methods using various classifier algorithms and compare them with the state-of-the-art data poisoning method based on the Jacobian matrix. Promising results show that the generated adversarial samples can evade detection with very high probability. Additionally, evasive variants generated by our attack models, when used to harden the developed anti-malware system, improve the detection rate by up to 50% with the generative adversarial network (GAN) method.
KW - Adversarial machine learning
KW - Android malware detection
KW - Generative adversarial network
KW - Jacobian algorithm
KW - Poison attacks
UR - http://www.scopus.com/inward/record.url?scp=85082771494&partnerID=8YFLogxK
U2 - 10.1007/s10586-020-03083-5
DO - 10.1007/s10586-020-03083-5
M3 - Article
AN - SCOPUS:85082771494
SN - 1386-7857
VL - 23
SP - 3233
EP - 3253
JO - Cluster Computing
JF - Cluster Computing
IS - 4
ER -