Abstract
Today, Android dominates the smartphone operating system market. According to Google, there are over 3 billion active Android users. With such a large population depending on the platform for their daily activities, there is a strong need to protect Android from adversaries. Historically, malware detectors relied on signature- and behavior-based techniques. However, machine learning and deep learning models have now started becoming a core part of next-generation Android malware detectors. In this paper, we step into the shoes of malware developers/adversaries and ask: Are machine learning based Android malware detectors resilient to reinforcement learning based adversarial attacks? Therefore, we propose the RL-MAGE framework to investigate the adversarial robustness of Android malware detectors. The RL-MAGE framework assumes the grey-box scenario and aims to improve the adversarial robustness of malware detectors. We designed three reinforcement learning based evasion attacks, A2C-MEA, TRPO-MEA, and PPO-MEA, against malware detectors. We investigated the robustness of 30 malware detection models based on 2 features (Android permission and intent) and 15 distinct classifiers from 4 different families (machine learning classifiers, bagging based classifiers, boosting based classifiers, and deep learning classifiers). The designed evasion attacks generate adversarial applications by adding perturbations to the malware so that they force misclassifications and can evade malware detectors. The attack agent ensures that the adversarial applications' structural, syntactical, and behavioral integrity is preserved, and that the attack's cost is minimized by adding minimum perturbations. The proposed TRPO-MEA evasion attack achieved a mean evasion rate of \(93.27\%\) while reducing the mean accuracy of 30 malware detectors from \(85.81\%\) to \(50.29\%\). We also propose the ARShield defense strategy to improve the malware detectors' classification performance and robustness. The TRPO-MEA ARShield models achieved \(4.10\%\) higher mean accuracy and reduced the mean evasion rate of re-attack from \(93.27\%\) to \(1.05\%\). Finally, we conclude that the RL-MAGE framework improved the detection performance and adversarial robustness of malware detectors.
Acknowledgement
One of the authors, Dr. Sanjay K. Sahay, is thankful to the Data Security Council of India for financial support to work on the Android malware detection system.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Nandanwar, A., Rathore, H., Sahay, S.K., Sewak, M. (2023). RL-MAGE: Strengthening Malware Detectors Against Smart Adversaries. In: Mikyška, J., de Mulatier, C., Paszynski, M., Krzhizhanovskaya, V.V., Dongarra, J.J., Sloot, P.M. (eds) Computational Science – ICCS 2023. ICCS 2023. Lecture Notes in Computer Science, vol 14074. Springer, Cham. https://doi.org/10.1007/978-3-031-36021-3_6
DOI: https://doi.org/10.1007/978-3-031-36021-3_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-36020-6
Online ISBN: 978-3-031-36021-3
eBook Packages: Computer Science, Computer Science (R0)