TY - GEN
T1 - Evasion Is Not Enough
T2 - 4th International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2020
AU - Berger, Harel
AU - Hajaj, Chen
AU - Dvir, Amit
N1 - Publisher Copyright:
© 2020, Springer Nature Switzerland AG.
PY - 2020
Y1 - 2020
N2 - A growing number of Android malware detection systems are based on Machine Learning (ML) methods. However, ML methods are often vulnerable to evasion attacks, in which an adversary manipulates malicious instances so they are classified as benign. Here, we present a novel evaluation scheme for evasion attack generation that exploits the weak spots of known Android malware detection systems. We implement an innovative evasion attack on Drebin [3]. After our novel evasion attack, Drebin’s detection rate decreased by 12%. However, when inspecting the functionality and maliciousness of the manipulated instances, the maliciousness rate increased, whereas the functionality rate decreased by 72%. We show that non-functional apps, do not constitute a threat to users and are thus useless from an attacker’s point of view. Hence, future evaluations of attacks against Android malware detection systems should also address functionality and maliciousness tests.
AB - A growing number of Android malware detection systems are based on Machine Learning (ML) methods. However, ML methods are often vulnerable to evasion attacks, in which an adversary manipulates malicious instances so they are classified as benign. Here, we present a novel evaluation scheme for evasion attack generation that exploits the weak spots of known Android malware detection systems. We implement an innovative evasion attack on Drebin [3]. After our novel evasion attack, Drebin’s detection rate decreased by 12%. However, when inspecting the functionality and maliciousness of the manipulated instances, the maliciousness rate increased, whereas the functionality rate decreased by 72%. We show that non-functional apps, do not constitute a threat to users and are thus useless from an attacker’s point of view. Hence, future evaluations of attacks against Android malware detection systems should also address functionality and maliciousness tests.
KW - Android security
KW - Cyber security
KW - Malware detection
UR - https://www.scopus.com/pages/publications/85087785958
U2 - 10.1007/978-3-030-49785-9_11
DO - 10.1007/978-3-030-49785-9_11
M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???
AN - SCOPUS:85087785958
SN - 9783030497842
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 167
EP - 174
BT - Cyber Security Cryptography and Machine Learning - 4th International Symposium, CSCML 2020, Proceedings
A2 - Dolev, Shlomi
A2 - Weiss, Gera
A2 - Kolesnikov, Vladimir
A2 - Lodha, Sachin
Y2 - 2 July 2020 through 3 July 2020
ER -