TY - GEN
T1 - On Impact of Adversarial Evasion Attacks on ML-based Android Malware Classifier Trained on Hybrid Features
AU - RAFIQ, HUSNAIN
AU - Aslam, Nauman
AU - Issac, Biju
AU - Randhawa, Rizwan Hamid
N1 - Publisher Copyright:
© 2022 IEEE.
PY - 2022/12/2
Y1 - 2022/12/2
N2 - Due to the widespread usage of Android-based smartphones in the current era, Android malware has become a significant concern. From the perspective of t he a dvances in machine learning-based approaches in the previous decade, the research community has shown a dominant interest in applying these to counter Android malware. However, these ML-based classifiers are vulnerable to attacks. An attacker can deliberately fabricate the input application to force the classification algorithm to produce the desired output (evasion attack). In this study, first, w e propose HybridDroid, a n M L-based Android malware classifier trained o n hybrid features a nd optimized using the tree-based pipeline optimization technique (TPOT). Our experiments show that HybriDroid achieves a remarkable detection accuracy of up to 99.2% on a balanced excerpt of 36,000 malware and benign Android apps. Secondly, we explore the effectiveness of the proposed model in adversarial environments. We apply mimicry attacks, feature removal attacks and feature removal with injection attacks on HybriDroid. Our experiments reveal that ML-based malware classifiers are highly vulnerable to adversarial evasion attacks. Finally, we propose future directions to harden the security of ML-based Android malware classifiers in adversarial settings.
AB - Due to the widespread usage of Android-based smartphones in the current era, Android malware has become a significant concern. From the perspective of t he a dvances in machine learning-based approaches in the previous decade, the research community has shown a dominant interest in applying these to counter Android malware. However, these ML-based classifiers are vulnerable to attacks. An attacker can deliberately fabricate the input application to force the classification algorithm to produce the desired output (evasion attack). In this study, first, w e propose HybridDroid, a n M L-based Android malware classifier trained o n hybrid features a nd optimized using the tree-based pipeline optimization technique (TPOT). Our experiments show that HybriDroid achieves a remarkable detection accuracy of up to 99.2% on a balanced excerpt of 36,000 malware and benign Android apps. Secondly, we explore the effectiveness of the proposed model in adversarial environments. We apply mimicry attacks, feature removal attacks and feature removal with injection attacks on HybriDroid. Our experiments reveal that ML-based malware classifiers are highly vulnerable to adversarial evasion attacks. Finally, we propose future directions to harden the security of ML-based Android malware classifiers in adversarial settings.
KW - Adversarial attacks
KW - Android
KW - Hybrid analysis
KW - Machine learning
KW - Malware
UR - http://www.scopus.com/inward/record.url?scp=85148581547&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85148581547&partnerID=8YFLogxK
U2 - 10.1109/SKIMA57145.2022.10029504
DO - 10.1109/SKIMA57145.2022.10029504
M3 - Conference proceeding (ISBN)
T3 - International Conference on Software, Knowledge Information, Industrial Management and Applications, SKIMA
SP - 216
EP - 221
BT - 14th International Conference on Software, Knowledge, Information Management and Applications (SKIMA)
T2 - 14th International Conference on Software, Knowledge, Information Management and Applications
Y2 - 2 December 2022 through 4 December 2022
ER -