EAGLE: Evasion Attacks Guided by Local Explanations Against Android Malware Classification

Bibliographic Details
Published in: IEEE Transactions on Dependable and Secure Computing, Vol. 21, no. 4, pp. 3165-3182
Main Authors: Shu, Zhan; Yan, Guanhua
Format: Journal Article
Language: English
Published: Washington, IEEE, 01.07.2024
IEEE Computer Society
Summary: With machine learning techniques widely used to automate Android malware detection, it is important to investigate the robustness of these methods against evasion attacks. A recent work has proposed a novel problem-space attack on Android malware classifiers, where adversarial examples are generated by transforming Android malware samples while satisfying practical constraints. Aiming to address its limitations, we propose a new attack called EAGLE (Evasion Attacks Guided by Local Explanations), whose key idea is to leverage local explanations to guide the search for adversarial examples. We present a generic algorithmic framework for EAGLE attacks, which can be customized with specific feature increase and decrease operations to evade Android malware classifiers trained on different types of count features. We overcome practical challenges in implementing these operations for four different types of Android malware classifiers. Using two Android malware datasets, our results show that EAGLE attacks can be highly effective at finding functionable adversarial examples. We study the attack transferability of malware variants created by EAGLE attacks across classifiers built with different classification models or trained on different types of count features. Our research further demonstrates that ensemble classifiers trained from multiple types of count features are not immune to EAGLE attacks. We also discuss possible defense mechanisms against EAGLE attacks.
ISSN: 1545-5971, 1941-0018
DOI: 10.1109/TDSC.2023.3324265