MalPurifier: Enhancing Android Malware Detection with Adversarial Purification against Evasion Attacks
This addresses a critical security problem for Android malware detection systems, offering a practical solution against evasion attacks, though it is incremental in improving existing defenses.
The paper tackles the vulnerability of machine learning-based Android malware detection systems to evasion attacks by introducing MalPurifier, an adversarial purification framework that robustly defends against 37 perturbation-based attacks with accuracies above 90.91%.
Machine learning (ML) has gained significant adoption in Android malware detection to address the escalating threats posed by the rapid proliferation of malware attacks. However, recent studies have revealed the inherent vulnerabilities of ML-based detection systems to evasion attacks. While efforts have been made to address this critical issue, many of the existing defensive methods encounter challenges such as lower effectiveness or reduced generalization capabilities. In this paper, we introduce MalPurifier, a novel adversarial purification framework specifically engineered for Android malware detection. Specifically, MalPurifier integrates three key innovations: a diversified adversarial perturbation mechanism for robustness and generalizability, a protective noise injection strategy for benign data integrity, and a Denoising AutoEncoder (DAE) with a dual-objective loss for accurate purification and classification. Extensive experiments on two large-scale datasets demonstrate that MalPurifier significantly outperforms state-of-the-art defenses. It robustly defends against a comprehensive set of 37 perturbation-based evasion attacks, consistently achieving robust accuracies above 90.91%. As a lightweight, model-agnostic, and plug-and-play module, MalPurifier offers a practical and effective solution to bolster the security of ML-based Android malware detectors.