Evasion Is Not Enough: A Case Study of Android Malware

Harel Berger, Chen Hajaj, Amit Dvir

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

7 Scopus citations


A growing number of Android malware detection systems are based on Machine Learning (ML) methods. However, ML methods are often vulnerable to evasion attacks, in which an adversary manipulates malicious instances so they are classified as benign. Here, we present a novel evaluation scheme for evasion attack generation that exploits the weak spots of known Android malware detection systems. We implement an innovative evasion attack on Drebin [3]. After our novel evasion attack, Drebin’s detection rate decreased by 12%. However, when inspecting the functionality and maliciousness of the manipulated instances, the maliciousness rate increased, whereas the functionality rate decreased by 72%. We show that non-functional apps do not constitute a threat to users and are thus useless from an attacker’s point of view. Hence, future evaluations of attacks against Android malware detection systems should also address functionality and maliciousness tests.

Original language: English
Title of host publication: Cyber Security Cryptography and Machine Learning - 4th International Symposium, CSCML 2020, Proceedings
Editors: Shlomi Dolev, Gera Weiss, Vladimir Kolesnikov, Sachin Lodha
Number of pages: 8
State: Published - 2020
Event: 4th International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2020 - Beersheba, Israel
Duration: 2 Jul 2020 to 3 Jul 2020

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 12161 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349


Conference: 4th International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2020


  • Android security
  • Cyber security
  • Malware detection

