Black-box Adversarial Example Attack towards FCG Based Android Malware Detection under Incomplete Feature Information

by Heng Li, et al.

Function call graph (FCG) based Android malware detection methods have recently attracted increasing attention due to their promising performance. However, these methods are susceptible to adversarial examples (AEs). In this paper, we design a novel black-box AE attack against FCG based malware detection systems, called BagAmmo. To mislead its target system, BagAmmo purposefully perturbs the FCG feature of malware by inserting "never-executed" function calls into the malware code. The main challenges are two-fold. First, the malware functionality must not be changed by the adversarial perturbation. Second, information about the target system (e.g., the graph feature granularity and the output probabilities) is absent. To preserve malware functionality, BagAmmo employs a try-catch trap to insert function calls that perturb the FCG of the malware. Without knowledge of the feature granularity and output probabilities, BagAmmo adopts the architecture of a generative adversarial network (GAN) and leverages a multi-population co-evolution algorithm (i.e., Apoem) to generate the desired perturbation. Every population in Apoem represents a possible feature granularity, and the real feature granularity is recovered when Apoem converges. Through extensive experiments on over 44k Android apps and 32 target models, we evaluate the effectiveness, efficiency and resilience of BagAmmo. BagAmmo achieves an average attack success rate of over 99.9 and GCN, and still performs well in the scenarios of concept drift and data imbalance. Moreover, BagAmmo outperforms the state-of-the-art attack SRL in attack success rate.
