Feature-based adversarial attacks against machine learnt mobile malware detectors

Research output: Chapter in Book/Report/Conference proceeding; Conference proceeding contribution; peer-review

Abstract

The success of Machine Learning (ML) techniques in security applications, such as malware detection, is highly criticized for their vulnerability to Adversarial Examples (AE): perturbed input samples (e.g. malware) can mislead ML to produce an adversary's desired output (e.g. benign class label). AEs against ML models are broadly studied in the computer vision domain where the adversary perturbs the pixel values of an image such that the change is not perceptible, but the resulting image is misclassified by the model. We investigate the effectiveness of attack techniques proposed in the image domain to attack ML classifiers in the context of mobile malware detection. Since the feature vector representation of samples is often used in ML, a simplified evaluation of ML classifiers' robustness to AEs is to study feature-based attack models, where the adversary perturbs the input features. We compare the methods, trade-offs, and gaps for such attack models and show that generative models (e.g. GANs) outperform a selection of existing attacks in terms of attack success rate but apply large distortion to the original sample. We also describe how we use the generated samples for increasing a classifier's robustness through adversarial training.

Original language: English
Title of host publication: 2020 30th International Telecommunication Networks and Applications Conference, ITNAC 2020
Place of Publication: Piscataway, NJ
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
Number of pages: 8
ISBN (Electronic): 9781728188270
Publication status: Published - 2020
Event: 30th International Telecommunication Networks and Applications Conference, ITNAC 2020 - Melbourne, Australia
Duration: 25 Nov 2020 to 27 Nov 2020

Publication series

Name: 2020 30th International Telecommunication Networks and Applications Conference, ITNAC 2020

Conference

Conference: 30th International Telecommunication Networks and Applications Conference, ITNAC 2020
Country: Australia
City: Melbourne
Period: 25/11/20 to 27/11/20

Keywords

  • Adversarial Examples
  • Generative Models
  • Machine Learning
  • Robust Classification
