An Investigation on Fragility of Machine Learning Classifiers in Android Malware Detection

HUSNAIN RAFIQ, Nauman Aslam, Rizwan Hamid Randhawa, Biju Issac

Research output: Chapter in Book/Report/Conference proceedingConference proceeding (ISBN)peer-review

2 Citations (Scopus)


Machine learning (ML) classifiers have been increasingly used in Android malware detection and countermeasures for the past decade. However, ML-based solutions are vulnerable to adversarial evasion attacks. An attacker can craft a malicious sample carefully to fool an underlying pre-trained classifier. In this paper, we highlight the fragility of the ML classifiers against adversarial evasion attacks. We perform mimicry attacks based on Oracle and Generative Adversarial Network (GAN) against these classifiers using our proposed methodology. We use static analysis on Android applications to extract API-based features from a balanced excerpt of a well-known public dataset. The empirical results demonstrate that among ML classifiers, the detection capability of linear classifiers can be reduced as low as 0% by perturbing only up to 4 out of 315 extracted API features. As a countermeasure, we propose TrickDroid, a cumulative adversarial training scheme based on Oracle and GAN-based adversarial data to improve evasion detection. The experimental results of cumulative adversarial training achieves a remarkable detection accuracy of up to 99.46% against adversarial samples.
Original languageEnglish
Title of host publicationIEEE INFOCOM 2022 - IEEE Conference on Computer Communications Workshops
Publication statusPublished - 22 May 2022
EventIEEE Conference on Computer Communications Workshops - New York, United States
Duration: 2 May 20225 May 2022


ConferenceIEEE Conference on Computer Communications Workshops
Country/TerritoryUnited States
CityNew York


Dive into the research topics of 'An Investigation on Fragility of Machine Learning Classifiers in Android Malware Detection'. Together they form a unique fingerprint.

Cite this