Machine learning based solutions have been successfully employed for automatic detection of malware in Android applications. However, as is known, machine learning models lack robustness to adversarial examples, which are crafted by adding minor, yet carefully chosen, perturbations to the normal inputs. So far, the adversarial examples can only deceive Android malware detectors that rely on syntactic features (e.g., requested permissions, specific API calls, etc.), and the perturbations can only be implemented by simply modifying Android manifest. While recent Android malware detectors rely more on semantic features from Dalvik bytecode rather than manifest, existing attacking/defending methods are no longer effective due to the rising challenge in adding perturbations to Dalvik bytecode without affecting their original functionality.In this paper, we introduce a new highly-effective attack that generates adversarial examples of Android malware and evades being detected by the current models. To this end, we propose a method of applying optimal perturbations onto Android APK using a substitute model (i.e., a Deep Neural Network). Based on the transferability concept, the perturbations that successfully deceive the substitute model are likely to deceive the original models as well (e.g., Support Vector Machine in Drebin or Random Forest in MaMaDroid). We develop an automated tool to generate the adversarial examples without human intervention to apply the attacks. In contrast to existing works, the adversarial examples crafted by our method can also deceive recent machine learning based detectors that rely on semantic features such as control-flow-graph. The perturbations can also be implemented directly onto APK's Dalvik bytecode rather than Android manifest to evade from recent detectors. We evaluated the proposed manipulation methods for adversarial examples by using the same datasets that Drebin and MaMadroid (5879 malware examples) used. Our results show that, the malware detection rates decreased from 96% to 1% in MaMaDroid, and from 97% to 1% in Drebin, with just a small distortion generated by our adversarial examples manipulation method.
This study developed two model predictive control (MPC) algorithms, a certainty-equivalence MPC and a chance-constrained MPC, for indoor thermal control to minimize energy consumption while maintaining occupant thermal comfort. It is assumed that occupant perceptions of thermal sensation can be continually collected and fed back to calibrate a dynamic thermal sensation model and to update the MPC. The performance of the proposed MPCs based on Actual Mean Vote (AMV) was compared to an MPC using Fanger's Predicted Mean Vote (PMV) as the thermal comfort index. Simulation results demonstrated that when the PMV gives an accurate prediction of occupants' AMV, the proposed MPCs achieve a comparable level of energy consumption and thermal comfort, while it reduces the demand on continually sensing environmental and occupant parameters used by the PMV model. Simulation results also showed that when there is a discrepancy between the PMV and AMV, the proposed MPC controllers based on AMV expect to outperform the PMV based MPC by providing a better outcome in indoor thermal comfort and energy consumption. In addition, the proposed chance-constrained MPC offers an opportunity to adjust the probability of satisfying the thermal comfort constraint to achieve a balance between energy consumption and thermal comfort.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.