A growing number of Android malware detection systems are based on Machine Learning (ML) methods. However, ML methods are often vulnerable to evasion attacks, in which an adversary manipulates malicious instances so they are classified as benign. Here, we present a novel evaluation scheme for evasion attack generation that exploits the weak spots of known Android malware detection systems. We implement an innovative evasion attack on Drebin . After our novel evasion attack, Drebin’s detection rate decreased by 12%. However, when inspecting the functionality and maliciousness of the manipulated instances, the maliciousness rate increased, whereas the functionality rate decreased by 72%. We show that non-functional apps, do not constitute a threat to users and are thus useless from an attacker’s point of view. Hence, future evaluations of attacks against Android malware detection systems should also address functionality and maliciousness tests.
|Title of host publication||Cyber Security Cryptography and Machine Learning - 4th International Symposium, CSCML 2020, Proceedings|
|Editors||Shlomi Dolev, Gera Weiss, Vladimir Kolesnikov, Sachin Lodha|
|Number of pages||8|
|State||Published - 2020|
|Event||4th International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2020 - Beersheba, Israel|
Duration: 2 Jul 2020 → 3 Jul 2020
|Name||Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)|
|Conference||4th International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2020|
|Period||2/07/20 → 3/07/20|
Bibliographical notePublisher Copyright:
© 2020, Springer Nature Switzerland AG.
- Android security
- Cyber security
- Malware detection