GenDroid: A Query-Efficient Black-box Android Adversarial Attack Framework

Guangquan Xu, Hongfei Shao, Jingyi Cui, Hongpeng Bai*, Jiliang Li*, Guangdong Bai, Shaoying Liu, Weizhi Meng, Xi Zheng

*Corresponding author for this work

Research output: Contribution to journalJournal articleResearchpeer-review

Abstract

The security problems of Android applications have been gradually exposed with the increasing popularity of the Android OS. Machine learning (ML) and deep learning (DL) based Android malware detection is still suffering from adversarial attacks, although it has better performance than traditional methods. In this paper, we propose a query-efficient black-box attack method called GenDroid, which can generate high-quality Android adversarial examples with a low number of queries. We take GenDroid as an attack framework and extend it with the attention mechanism and JSMA algorithm to improve the efficiency of adversarial example production. We evaluate the effectiveness of our attack on two state-of-the-art Android malware detection schemes, Drebin and MaMaDroid. Compared with four state-of-the-art adversarial attacks on real-world datasets, GenDroid achieves higher misclassification rates with significantly the fewest number of queries on the two datasets. In addition, we have validated the effectiveness of our attack on real-world commercial anti-virus engines. Finally, to enhance the security of Android malware detector and defend against the GenDroid attack, we use combined features consisting of the associated Android features, the spatial properties of Android adversarial examples and the uncertainty to detect adversarial examples, which can achieve a high detection rate of 95.71%.
Original languageEnglish
Article number103359
JournalComputers and Security
Volume132
Number of pages12
ISSN0167-4048
DOIs
Publication statusPublished - 2023

Keywords

  • Adversarial examples
  • Android
  • Black-box attack
  • Query-efficient

Fingerprint

Dive into the research topics of 'GenDroid: A Query-Efficient Black-box Android Adversarial Attack Framework'. Together they form a unique fingerprint.

Cite this