Automated Poisoning Attacks and Defenses in Malware Detection Systems: An Adversarial Machine Learning Approach

摘要

The evolution of mobile malware poses a serious threat to smartphonesecurity. Today, sophisticated attackers can adapt by maximally sabotagingmachine-learning classifiers via polluting training data, rendering most recentmachine learning-based malware detection tools (such as Drebin, DroidAPIMiner,and MaMaDroid) ineffective. In this paper, we explore the feasibility ofconstructing crafted malware samples; examine how machine-learning classifierscan be misled under three different threat models; then conclude that injectingcarefully crafted data into training data can significantly reduce detectionaccuracy. To tackle the problem, we propose KuafuDet, a two-phase learningenhancing approach that learns mobile malware by adversarial detection.KuafuDet includes an offline training phase that selects and extracts featuresfrom the training set, and an online detection phase that utilizes theclassifier trained by the first phase. To further address the adversarialenvironment, these two phases are intertwined through a self-adaptive learningscheme, wherein an automated camouflage detector is introduced to filter thesuspicious false negatives and feed them back into the training phase. Wefinally show that KuafuDet can significantly reduce false negatives and boostthe detection accuracy by at least 15%. Experiments on more than 250,000 mobileapplications demonstrate that KuafuDet is scalable and can be highly effectiveas a standalone system.