nach oben

Cluster Computing

Erschienen in:

17.03.2020

Can machine learning model with static features be fooled: an adversarial machine learning approach

verfasst von: Rahim Taheri, Reza Javidan, Mohammad Shojafar, P. Vinod, Mauro Conti

Erschienen in: Cluster Computing | Ausgabe 4/2020

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

The widespread adoption of smartphones dramatically increases the risk of attacks and the spread of mobile malware, especially on the Android platform. Machine learning-based solutions have been already used as a tool to supersede signature-based anti-malware systems. However, malware authors leverage features from malicious and legitimate samples to estimate statistical difference in-order to create adversarial examples. Hence, to evaluate the vulnerability of machine learning algorithms in malware detection, we propose five different attack scenarios to perturb malicious applications (apps). By doing this, the classification algorithm inappropriately fits the discriminant function on the set of data points, eventually yielding a higher misclassification rate. Further, to distinguish the adversarial examples from benign samples, we propose two defense mechanisms to counter attacks. To validate our attacks and solutions, we test our model on three different benchmark datasets. We also test our methods using various classifier algorithms and compare them with the state-of-the-art data poisoning method using the Jacobian matrix. Promising results show that generated adversarial samples can evade detection with a very high probability. Additionally, evasive variants generated by our attack models when used to harden the developed anti-malware system improves the detection rate up to 50% when using the generative adversarial network (GAN) method.

Vorheriger Artikel FCM–SVM based intrusion detection system for cloud computing environment

Nächster Artikel A novel workflow scheduling with multi-criteria using particle swarm optimization for heterogeneous computing systems

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Nur mit Berechtigung zugänglich

In this paper, poison data is used interchangeability as the adversarial example.

GAN is also can be used to generate adversarial example and fool the classifier which is out of the scope of this paper.

https://github.com/mshojafar/sourcecodes/blob/master/Taheri2019APIN-AdverserialML_Sourcecode.zip.

Aafer, Y., Du, W., Yin, H.: Droidapiminer: mining API-level features for robust malware detection in Android. In: International Conference on Security and Privacy in Communication Systems, pp. 86–103. Springer (2013)

Arp, D., Spreitzenbarth, M., Gascon, H., Rieck, K., Siemens, C.: Drebin: effective and explainable detection of android malware in your pocket. In: Proceedings of NDSS (2014)

Barrera, D., Kayacik, H.G., van Oorschot, P.C., Somayaji, A.: A methodology for empirical analysis of permission-based security models and its application to Android. In: Proceedings of 17th ACM CCS, pp. 73–84 (2010)

Biggio, B., et al.: Evasion attacks against machine learning at test time. In: Joint European Conference on Machine Learning and Knowledge Discovery in Databases, pp. 387–402. Springer (2013)

Carlini, N., Wagner, D.: Audio adversarial examples: targeted attacks on speech-to-text. arXiv preprint (2018). arXiv:1801.01944

Contagio dataset (2019). http://contagiominidump.blogspot.com/. Accessed 25 May 2019

Eykholt, K., et al.: Physical adversarial examples for object detectors. arXiv preprint (2018). arXiv:1807.07769

Goebel, R., Chander, A., Holzinger, K., Lecue, F., Akata, Z., Stumpf, S., Kieseberg, P., Holzinger, A.: Explainable AI: the new 42? In: International Cross-Domain Conference for Machine Learning and Knowledge Extraction, pp. 295–303. Springer (2018)

Goodfellow, I., Pouget-Abadie, J., Mirza, M., Xu, B., Warde-Farley, D., Ozair, S., Courville, A., Bengio, Y.: Generative adversarial nets. In: Proceedings of NIPS, pp. 2672–2680 (2014)

10.

Goodfellow, I.J., et al.: Explaining and harnessing adversarial examples. arXiv preprint (2014). arXiv:1412.6572

11.

Grosse, K., et al.: Adversarial examples for malware detection. In: European Symposium on Research in Computer Security, pp. 62–79. Springer (2017)

12.

Grosse, K., et al.: On the (statistical) detection of adversarial examples. arXiv preprint (2017). arXiv:1702.06280

13.

Ho, T.K.: Random decision forests. In: Proceedings of the Third International Conference on Document Analysis and Recognition, 1995, vol 1, pp. 278–282. IEEE (1995)

14.

Huang, L., Joseph, A.D., Nelson, B., Rubinstein, B.I., Tygar, J.: Adversarial machine learning. In: Proceedings of the 4th ACM Workshop on Security and Artificial Intelligence, pp. 43–58. ACM (2011)

15.

Huang, Y., et al.: Malware evasion attack and defense. arXiv preprint (2019). arXiv:1904.05747

16.

Idrees, F., Rajarajan, M., Conti, M., Chen, T.M., Rahulamathavan, Y.: Pindroid: a novel Android malware detection system using ensemble learning methods. Comput. Secur. 68, 36–46 (2017)CrossRef

17.

Jiang, X., Zhou, Y.: Dissecting android malware: characterization and evolution. In: Proceedings of IEEE S&P, pp. 95–109 (2012)

18.

KNN complexity (2019). http://www.cs.haifa.ac.il/~rita/ml_course/lectures/KNN.pdf. Accessed 25 May 2019

19.

Kreuk, F., Adi, Y., Cisse, M., Keshet, J.: Fooling end-to-end speaker verification by adversarial examples. arXiv preprint (2018). arXiv:1801.03339

20.

Kurakin, A., Goodfellow, I., Bengio, S.: Adversarial examples in the physical world. arXiv preprint (2016). arXiv:1607.02533

21.

Li, W., Gauci, M., Groß, R.: Turing learning: a metric-free approach to inferring behavior and its application to swarms. Swarm Intell. 10(3), 211–243 (2016)CrossRef

22.

Lindorfer, M., Neugschwandtner, M., Platzer, C.: Marvin: efficient and comprehensive mobile app classification through static and dynamic analysis. In: Proceedings of IEEE 39th Annual COMPSAC, vol 2, pp. 422–433 (2015)

23.

Meng, G., et al.: Mystique: evolving Android malware for auditing anti-malware tools. In: Proceedings of 11th ACM Asia CCS, pp. 365–376 (2016)

24.

Moonsamy, V., Batten, L.: Zero permission Android applications—attacks and defenses. In: ATIS 2012: Proceedings of the 3rd Applications and Technologies in Information Security Workshop, pp. 5–9. School of Information Systems, Deakin University (2012)

25.

Moser, A., Kruegel, C., Kirda, E.: Limits of static analysis for malware detection. In: Proceedings of IEEE 23rd ACSAC, pp. 421–430 (2007)

26.

Narain, S., Vo-Huu, T.D., Block, K., Noubir, G.: Inferring user routes and locations using zero-permission mobile sensors. In: Proceedings of IEEE S&P, pp. 397–413 (2016)

27.

Papernot, N., et al.: Distillation as a defense to adversarial perturbations against deep neural networks. arXiv preprint (2014). arXiv:1511.04508

28.

Papernot, N., et al.: Distillation as a defense to adversarial perturbations against deep neural networks. In: Proceedings of IEEE S&P, pp. 582–597 (2016)

29.

Papernot, N., et al.: The limitations of deep learning in adversarial settings. In: Proceedings of IEEE Euro S&P, pp. 372–387 (2016)

30.

Peng, H., Gates, C., Sarma, B., Li, N., Qi, Y., Potharaju, R., Nita-Rotaru, C., Molloy, I.: Using probabilistic generative models for ranking risks of Android apps. In: Proceedings of 19th ACM CCS, pp. 241–252 (2012)

31.

Random forest (2019). https://cs.stackexchange.com/questions/66112/what-is-the-big-oh-asymptotic-complexity-of-learning-in-random-forests. Accessed 25 May 2019

32.

Rastogi, V., Chen, Y., Jiang, X., et al.: Catch me if you can: evaluating Android anti-malware against transformation attacks. IEEE Trans. Inf. Forensics Secur. 9(1), 99–108 (2014)CrossRef

33.

Reaves, B., Bowers, J., Gorski III, S.A., Anise, O., Bobhate, R., Cho, R., Das, H., Hussain, S., Karachiwala, H., Scaife, N., et al.: * droid: assessment and evaluation of Android application analysis tools. ACM Comput. Surv. (CSUR) 49(3), 55 (2016)CrossRef

34.

Roy, S., et al.: Experimental study with real-world data for Android app security analysis using machine learning. In: Proceedings of 31st ACM ACSAC, pp. 81–90 (2015)

35.

Shen, S., Tople, S., Saxena, P.: Auror: defending against poisoning attacks in collaborative deep learning systems. In: Proceedings of the 32nd Annual Conference on Computer Security Applications, pp. 508–519. ACM (2016)

36.

Szegedy, C., et al.: Intriguing properties of neural networks. arXiv preprint (2013). arXiv:1312.6199

37.

Rahim Taheri, Meysam Ghahramani, Reza Javidan, Mohammad Shojafar, Zahra Pooranian, Mauro Conti, (2020) Similarity-based Android malware detection using Hamming distance of static binary features. Future Gener. Comput. Syst. 105, 230–247CrossRef

38.

Zhou, F., Yang, S., Fujita, H., Chen, D., Wen, C.: Deep learning fault diagnosis method based on global optimization GAN for unbalanced data. Knowl. Based Syst. (2019). https://doi.org/10.1016/j.knosys.2019.07.008CrossRef

Titel: Can machine learning model with static features be fooled: an adversarial machine learning approach
verfasst von: Rahim Taheri
Reza Javidan
Mohammad Shojafar
P. Vinod
Mauro Conti
Publikationsdatum: 17.03.2020
Verlag: Springer US
Erschienen in: Cluster Computing / Ausgabe 4/2020
Print ISSN: 1386-7857
Elektronische ISSN: 1573-7543
DOI: https://doi.org/10.1007/s10586-020-03083-5

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 4/2020

Design and evaluation of a biologically-inspired cloud elasticity framework

Energy-driven cloud simulation: existing surveys, simulation supports, impacts and challenges

An efficient load balancing system using adaptive dragonfly algorithm in cloud computing

A meta-heuristic based multi objective optimization for load distribution in cloud data center under varying workloads

Efficient VM migrations using forecasting techniques in cloud computing: a comprehensive review

Process arrival pattern aware algorithms for acceleration of scatter and gather operations

Premium Partner