TY - JOUR
T1 - On defending against label flipping attacks on malware detection systems
AU - Taheri, Rahim
AU - Javidan, Reza
AU - Shojafar, Mohammad
AU - Pooranian, Zahra
AU - Miri, Ali
AU - Conti, Mauro
N1 - Funding Information:
Mauro Conti and Mohammad Shojafar are supported by a Marie Curie Fellowship funded by the European Commission (agreement PCIG11-GA-2012-321980 and agreement MSCA-IF-GF-2019-839255, respectively).
Publisher Copyright:
© 2020, The Author(s).
PY - 2020/9/1
Y1 - 2020/9/1
N2 - Label manipulation attacks are a subclass of data poisoning attacks in adversarial machine learning used against different applications, such as malware detection. These types of attacks represent a serious threat to detection systems in environments having high noise rate or uncertainty, such as complex networks and Internet of Thing (IoT). Recent work in the literature has suggested using the K-nearest neighboring algorithm to defend against such attacks. However, such an approach can suffer from low to miss-classification rate accuracy. In this paper, we design an architecture to tackle the Android malware detection problem in IoT systems. We develop an attack mechanism based on silhouette clustering method, modified for mobile Android platforms. We proposed two convolutional neural network-type deep learning algorithms against this Silhouette Clustering-based Label Flipping Attack. We show the effectiveness of these two defense algorithms—label-based semi-supervised defense and clustering-based semi-supervised defense—in correcting labels being attacked. We evaluate the performance of the proposed algorithms by varying the various machine learning parameters on three Android datasets: Drebin, Contagio, and Genome and three types of features: API, intent, and permission. Our evaluation shows that using random forest feature selection and varying ratios of features can result in an improvement of up to 19% accuracy when compared with the state-of-the-art method in the literature.
AB - Label manipulation attacks are a subclass of data poisoning attacks in adversarial machine learning used against different applications, such as malware detection. These types of attacks represent a serious threat to detection systems in environments having high noise rate or uncertainty, such as complex networks and Internet of Thing (IoT). Recent work in the literature has suggested using the K-nearest neighboring algorithm to defend against such attacks. However, such an approach can suffer from low to miss-classification rate accuracy. In this paper, we design an architecture to tackle the Android malware detection problem in IoT systems. We develop an attack mechanism based on silhouette clustering method, modified for mobile Android platforms. We proposed two convolutional neural network-type deep learning algorithms against this Silhouette Clustering-based Label Flipping Attack. We show the effectiveness of these two defense algorithms—label-based semi-supervised defense and clustering-based semi-supervised defense—in correcting labels being attacked. We evaluate the performance of the proposed algorithms by varying the various machine learning parameters on three Android datasets: Drebin, Contagio, and Genome and three types of features: API, intent, and permission. Our evaluation shows that using random forest feature selection and varying ratios of features can result in an improvement of up to 19% accuracy when compared with the state-of-the-art method in the literature.
KW - Adversarial example
KW - Adversarial machine learning (AML)
KW - Deep learning
KW - Label flipping attacks
KW - Malware detection
KW - Semi-supervised defense (SSD)
UR - http://www.scopus.com/inward/record.url?scp=85082824905&partnerID=8YFLogxK
U2 - 10.1007/s00521-020-04831-9
DO - 10.1007/s00521-020-04831-9
M3 - Article
AN - SCOPUS:85082824905
SN - 0941-0643
VL - 32
SP - 14781
EP - 14800
JO - Neural Computing and Applications
JF - Neural Computing and Applications
IS - 18
ER -