Are Malware Detection Classifiers Adversarially Vulnerable to Actor-Critic based Evasion Attacks?

IF 16.4 1区化学 Q1 CHEMISTRY, MULTIDISCIPLINARY

Accounts of Chemical Research Pub Date : 2022-05-31 DOI:10.4108/eai.31-5-2022.174087

Hemant Rathore, Sujay C Sharma, S. Sahay, Mohit Sewak

{"title":"Are Malware Detection Classifiers Adversarially Vulnerable to Actor-Critic based Evasion Attacks?","authors":"Hemant Rathore, Sujay C Sharma, S. Sahay, Mohit Sewak","doi":"10.4108/eai.31-5-2022.174087","DOIUrl":null,"url":null,"abstract":"Android devices like smartphones and tablets have become immensely popular and are an integral part of our daily lives. However, it has also attracted malware developers to design android malware which have grown aggressively in the last few years. Research shows that machine learning, ensemble, and deep learning models can successfully be used to detect android malware. However, the robustness of these models against well-crafted adversarial samples is not well investigated. Therefore, we first stepped into the adversaries’ shoes and proposed the ACE attack that adds limited perturbations in malicious applications such that they are forcefully misclassified as benign and remain undetected by di ff erent malware detection models. The ACE agent is designed based on an actor-critic architecture that uses reinforcement learning to add perturbations (maximum ten) while maintaining the structural and functional integrity of the adversarial malicious applications. The proposed attack is validated against twenty-two di ff erent malware detection models based on two feature sets and eleven di ff erent classification algorithms. The ACE attack accomplished an average fooling rate (with maximum of ten perturbations) of 46 . 63% across eleven permission based malware detection models and 95 . 31% across eleven intent based detection models. The attack forced a massive number of misclassifications that led to an average accuracy drop of 18 . 07% and 36 . 62% in the above permission and intent based malware detection models. Later we also design a defense mechanism using the adversarial retraining strategy, which uses adversarial malware samples with correct class labels to retrain the models. The defense mechanism improves the average accuracy by 24 . 88% and 76 . 51% for the eleven permission and eleven intent based malware detection models. In conclusion, we found that malware detection models based on machine learning, ensemble, and deep learning perform poorly against adversarial samples. Thus malware detection models should be investigated for vulnerabilities and mitigated to enhance their overall forensic knowledge and adversarial robustness.","PeriodicalId":1,"journal":{"name":"Accounts of Chemical Research","volume":null,"pages":null},"PeriodicalIF":16.4000,"publicationDate":"2022-05-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Accounts of Chemical Research","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4108/eai.31-5-2022.174087","RegionNum":1,"RegionCategory":"化学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"CHEMISTRY, MULTIDISCIPLINARY","Score":null,"Total":0}

引用次数: 1

Abstract

Android devices like smartphones and tablets have become immensely popular and are an integral part of our daily lives. However, it has also attracted malware developers to design android malware which have grown aggressively in the last few years. Research shows that machine learning, ensemble, and deep learning models can successfully be used to detect android malware. However, the robustness of these models against well-crafted adversarial samples is not well investigated. Therefore, we first stepped into the adversaries’ shoes and proposed the ACE attack that adds limited perturbations in malicious applications such that they are forcefully misclassified as benign and remain undetected by di ff erent malware detection models. The ACE agent is designed based on an actor-critic architecture that uses reinforcement learning to add perturbations (maximum ten) while maintaining the structural and functional integrity of the adversarial malicious applications. The proposed attack is validated against twenty-two di ff erent malware detection models based on two feature sets and eleven di ff erent classification algorithms. The ACE attack accomplished an average fooling rate (with maximum of ten perturbations) of 46 . 63% across eleven permission based malware detection models and 95 . 31% across eleven intent based detection models. The attack forced a massive number of misclassifications that led to an average accuracy drop of 18 . 07% and 36 . 62% in the above permission and intent based malware detection models. Later we also design a defense mechanism using the adversarial retraining strategy, which uses adversarial malware samples with correct class labels to retrain the models. The defense mechanism improves the average accuracy by 24 . 88% and 76 . 51% for the eleven permission and eleven intent based malware detection models. In conclusion, we found that malware detection models based on machine learning, ensemble, and deep learning perform poorly against adversarial samples. Thus malware detection models should be investigated for vulnerabilities and mitigated to enhance their overall forensic knowledge and adversarial robustness.

查看原文本刊更多论文

恶意软件检测分类器是否容易受到基于演员评论家的逃避攻击?

像智能手机和平板电脑这样的安卓设备已经变得非常流行，成为我们日常生活中不可或缺的一部分。然而，它也吸引了恶意软件开发者来设计安卓恶意软件，这些恶意软件在过去几年里迅速增长。研究表明，机器学习、集成和深度学习模型可以成功地用于检测android恶意软件。然而，这些模型对精心制作的对抗性样本的鲁棒性并没有得到很好的研究。因此，我们首先站在对手的立场上，提出了ACE攻击，该攻击在恶意应用程序中添加了有限的扰动，这样它们就会被强行归类为良性，并且不会被不同的恶意软件检测模型检测到。ACE代理是基于actor-critic架构设计的，该架构使用强化学习来添加扰动(最多10个)，同时保持对抗性恶意应用程序的结构和功能完整性。基于两个特征集和11种不同的分类算法，对22种不同的恶意软件检测模型进行了验证。ACE攻击的平均愚弄率(最多10次干扰)为46。在11个基于权限的恶意软件检测模型和95。在11个基于意图的检测模型中占31%。这次攻击导致了大量的错误分类，导致平均准确率下降了18%。07%和36。62%以上基于权限和意图的恶意软件检测模型。随后，我们还设计了一种使用对抗性再训练策略的防御机制，该策略使用具有正确类标签的对抗性恶意软件样本来重新训练模型。防御机制将平均精度提高24。88%和76%。51%的基于11个权限和11个意图的恶意软件检测模型。总之，我们发现基于机器学习、集成和深度学习的恶意软件检测模型在对抗样本时表现不佳。因此，应该调查恶意软件检测模型的漏洞并减轻其影响，以增强其整体取证知识和对抗鲁棒性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Accounts of Chemical Research 化学-化学综合

CiteScore

31.40

自引率

1.10%

发文量

312

审稿时长

2 months

期刊介绍： Accounts of Chemical Research presents short, concise and critical articles offering easy-to-read overviews of basic research and applications in all areas of chemistry and biochemistry. These short reviews focus on research from the author’s own laboratory and are designed to teach the reader about a research project. In addition, Accounts of Chemical Research publishes commentaries that give an informed opinion on a current research problem. Special Issues online are devoted to a single topic of unusual activity and significance. Accounts of Chemical Research replaces the traditional article abstract with an article "Conspectus." These entries synopsize the research affording the reader a closer look at the content and significance of an article. Through this provision of a more detailed description of the article contents, the Conspectus enhances the article's discoverability by search engines and the exposure for the research.