Feature-based adversarial attacks against machine learnt mobile malware detectors

Maryam Shahpasand; Leonard Hamey; Mohamed Ali Kaafar; Dinusha Vatsalan

doi:10.1109/ITNAC50341.2020.9315144

Feature-based adversarial attacks against machine learnt mobile malware detectors

Maryam Shahpasand, Leonard Hamey, Mohamed Ali Kaafar, Dinusha Vatsalan

School of Computing

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

Abstract

The success of Machine Learning (ML) techniques in security applications, such as malware detection, is highly criticized for their vulnerability to Adversarial Examples (AE): perturbed input samples (e.g. malware) can mislead ML to produce an adversary's desired output (e.g. benign class label). AEs against ML models are broadly studied in the computer vision domain where the adversary perturbs the pixel values of an image such that the change is not perceptible, but the resulting image is misclassified by the model. We investigate the effectiveness of attack techniques proposed in the image domain to attack ML classifiers in the context of mobile malware detection. Since the feature vector representation of samples is often used in ML, a simplified evaluation of ML classifiers' robustness to AEs is to study feature-based attack models, where the adversary perturbs the input features. We compare the methods, trade-offs, and gaps for such attack models and show that generative models (e.g. GANs) outperform a selection of existing attacks in terms of attack success rate but apply large distortion to the original sample. We also describe how we use the generated samples for increasing a classifier's robustness through adversarial training.

Original language	English
Title of host publication	2020 30th International Telecommunication Networks and Applications Conference, ITNAC 2020
Place of Publication	Piscataway, NJ
Publisher	Institute of Electrical and Electronics Engineers (IEEE)
Number of pages	8
ISBN (Electronic)	9781728188270
DOIs	https://doi.org/10.1109/ITNAC50341.2020.9315144
Publication status	Published - 2020
Event	30th International Telecommunication Networks and Applications Conference, ITNAC 2020 - Melbourne, Australia Duration: 25 Nov 2020 → 27 Nov 2020

Conference

Conference	30th International Telecommunication Networks and Applications Conference, ITNAC 2020
Country/Territory	Australia
City	Melbourne
Period	25/11/20 → 27/11/20

Keywords

Adversarial Examples
Generative Models
Machine Learning
Robust Classification

Access to Document

10.1109/ITNAC50341.2020.9315144

Cite this

@inproceedings{b695ba21f66f414a8bb1cd5bc67e3acf,

title = "Feature-based adversarial attacks against machine learnt mobile malware detectors",

abstract = "The success of Machine Learning (ML) techniques in security applications, such as malware detection, is highly criticized for their vulnerability to Adversarial Examples (AE): perturbed input samples (e.g. malware) can mislead ML to produce an adversary's desired output (e.g. benign class label). AEs against ML models are broadly studied in the computer vision domain where the adversary perturbs the pixel values of an image such that the change is not perceptible, but the resulting image is misclassified by the model. We investigate the effectiveness of attack techniques proposed in the image domain to attack ML classifiers in the context of mobile malware detection. Since the feature vector representation of samples is often used in ML, a simplified evaluation of ML classifiers' robustness to AEs is to study feature-based attack models, where the adversary perturbs the input features. We compare the methods, trade-offs, and gaps for such attack models and show that generative models (e.g. GANs) outperform a selection of existing attacks in terms of attack success rate but apply large distortion to the original sample. We also describe how we use the generated samples for increasing a classifier's robustness through adversarial training.",

keywords = "Adversarial Examples, Generative Models, Machine Learning, Robust Classification",

author = "Maryam Shahpasand and Leonard Hamey and Kaafar, {Mohamed Ali} and Dinusha Vatsalan",

year = "2020",

doi = "10.1109/ITNAC50341.2020.9315144",

language = "English",

booktitle = "2020 30th International Telecommunication Networks and Applications Conference, ITNAC 2020",

publisher = "Institute of Electrical and Electronics Engineers (IEEE)",

address = "United States",

note = "30th International Telecommunication Networks and Applications Conference, ITNAC 2020 ; Conference date: 25-11-2020 Through 27-11-2020",

}

Shahpasand, M, Hamey, L , Kaafar, MA & Vatsalan, D 2020, Feature-based adversarial attacks against machine learnt mobile malware detectors. in 2020 30th International Telecommunication Networks and Applications Conference, ITNAC 2020. Institute of Electrical and Electronics Engineers (IEEE), Piscataway, NJ, 30th International Telecommunication Networks and Applications Conference, ITNAC 2020, Melbourne, Australia, 25/11/20. https://doi.org/10.1109/ITNAC50341.2020.9315144

Feature-based adversarial attacks against machine learnt mobile malware detectors. / Shahpasand, Maryam; Hamey, Leonard ; Kaafar, Mohamed Ali et al.
2020 30th International Telecommunication Networks and Applications Conference, ITNAC 2020. Piscataway, NJ: Institute of Electrical and Electronics Engineers (IEEE), 2020.

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

TY - GEN

T1 - Feature-based adversarial attacks against machine learnt mobile malware detectors

AU - Shahpasand, Maryam

AU - Hamey, Leonard

AU - Kaafar, Mohamed Ali

AU - Vatsalan, Dinusha

PY - 2020

Y1 - 2020

N2 - The success of Machine Learning (ML) techniques in security applications, such as malware detection, is highly criticized for their vulnerability to Adversarial Examples (AE): perturbed input samples (e.g. malware) can mislead ML to produce an adversary's desired output (e.g. benign class label). AEs against ML models are broadly studied in the computer vision domain where the adversary perturbs the pixel values of an image such that the change is not perceptible, but the resulting image is misclassified by the model. We investigate the effectiveness of attack techniques proposed in the image domain to attack ML classifiers in the context of mobile malware detection. Since the feature vector representation of samples is often used in ML, a simplified evaluation of ML classifiers' robustness to AEs is to study feature-based attack models, where the adversary perturbs the input features. We compare the methods, trade-offs, and gaps for such attack models and show that generative models (e.g. GANs) outperform a selection of existing attacks in terms of attack success rate but apply large distortion to the original sample. We also describe how we use the generated samples for increasing a classifier's robustness through adversarial training.

AB - The success of Machine Learning (ML) techniques in security applications, such as malware detection, is highly criticized for their vulnerability to Adversarial Examples (AE): perturbed input samples (e.g. malware) can mislead ML to produce an adversary's desired output (e.g. benign class label). AEs against ML models are broadly studied in the computer vision domain where the adversary perturbs the pixel values of an image such that the change is not perceptible, but the resulting image is misclassified by the model. We investigate the effectiveness of attack techniques proposed in the image domain to attack ML classifiers in the context of mobile malware detection. Since the feature vector representation of samples is often used in ML, a simplified evaluation of ML classifiers' robustness to AEs is to study feature-based attack models, where the adversary perturbs the input features. We compare the methods, trade-offs, and gaps for such attack models and show that generative models (e.g. GANs) outperform a selection of existing attacks in terms of attack success rate but apply large distortion to the original sample. We also describe how we use the generated samples for increasing a classifier's robustness through adversarial training.

KW - Adversarial Examples

KW - Generative Models

KW - Machine Learning

KW - Robust Classification

UR - http://www.scopus.com/inward/record.url?scp=85100258818&partnerID=8YFLogxK

U2 - 10.1109/ITNAC50341.2020.9315144

DO - 10.1109/ITNAC50341.2020.9315144

M3 - Conference proceeding contribution

AN - SCOPUS:85100258818

BT - 2020 30th International Telecommunication Networks and Applications Conference, ITNAC 2020

PB - Institute of Electrical and Electronics Engineers (IEEE)

CY - Piscataway, NJ

T2 - 30th International Telecommunication Networks and Applications Conference, ITNAC 2020

Y2 - 25 November 2020 through 27 November 2020

ER -

Feature-based adversarial attacks against machine learnt mobile malware detectors

Abstract

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this