Defending against Adversarial Malware Attacks on ML-based Android Malware Detection Systems
This work addresses a critical security issue for Android users and developers by improving defenses against adversarial attacks, though it is incremental as it builds on existing methods to fill a specific gap.
The paper tackles the problem of adversarial malware attacks on machine learning-based Android malware detection systems, specifically addressing the gap in defenses against realistic problem-space attacks, and demonstrates that its proposed ADD framework effectively enhances adversarial robustness across various systems and real-world antivirus solutions.
Android malware presents a persistent threat to users' privacy and data integrity. To combat this, researchers have proposed machine learning-based (ML-based) Android malware detection (AMD) systems. However, adversarial Android malware attacks compromise the detection integrity of ML-based AMD systems, raising significant concerns. Existing defenses against adversarial Android malware protect against feature-space attacks, which generate adversarial feature vectors only. Protection against the realistic threat of problem-space attacks, which generate real adversarial malware, remains an open problem. In this paper, we address this gap by proposing ADD, a practical adversarial Android malware defense framework designed as a plug-in to enhance the adversarial robustness of ML-based AMD systems against problem-space attacks. Our extensive evaluation across various ML-based AMD systems demonstrates that ADD is effective against state-of-the-art problem-space adversarial Android malware attacks. Additionally, ADD is effective in enhancing the adversarial robustness of real-world antivirus solutions.