DroidEye: Fortifying Security of Learning-Based Classifier Against Adversarial Android Malware Attacks

“…• We explore the arms race between adversarial malware attack and defense to en-hance the security of machine learning-based detection systems through analyzing adversarial attacks, and formulating secure-learning paradigms to counter the adversarial attacks. Our work on adversarial machinle learning in malware detection has resulted in 5 publications [32,33,28,29,30].…”

“…DroidEye to counter these attacks. In our proposed methods, SecDefender adopts classifier retraining technique on basis of our proposed adversarial attack model AdvAttack and enhances the robustness of the classifier using the security regularization terms; SecureDroid utilizes a novel feature selection method to build more secure classifier by enforcing attackers to increase the adversarial costs and maximize the manipulations, and introduces an ensemble learning approach to aggregate different individual classifiers constructed using our proposed feature selection method to improve system security while not compromising detection accuracy; DroidEye takes advantage of gradient masking for feature space, utilizes count featurization to transform the binary feature space into continuous probabilities encoding the distribution in each class (either benign or malicious) to reduce the adversarial gradient of the learning model, and then introduces softmax function (i.e., normalized exponential function) with adversarial parameter to find the best trade-off between security and accuracy for the classifier by tuning the adversarial parameter [32,33,28,30] (See Section 4.3 for details).…”

“…• We develop practical systems integrating our proposed methods for comprehensive experimental studies on real sample collections from an anti-malware industry company. Specifically, we collect different sample sets from Comodo Cloud Security Center; based on these real sample collections, we construct practical systems based on our proposed methods and provide a series of comprehensive experiments to empirically evaluate the performances of these methods [33,28,32,31,27,30] (See Section 3.2.3, 3.3.3, 4.3.4, 4.4.4, and 4.5.3 for details).…”

“…In sum, by the date of this dissertation, we have had 9 publications [31,27,66,143,32,33,28,29,30] in intelligent malware detection using file-to-file relations and adversarial machine learning in malware detection, including the prestigious IEEE EISIC'2017 Best…”

“…Feature Integration (denoted as f I ). The feature integration of an ensemble is the percentage of features that are included in at least one of the base classifiers, which can be defined as follow: 30) where the feature set F ∈ R d in the ensemble is aggregated by the feature sets F k (k = 1, 2, ..., K) from base classifiers.…”

Intelligent Malware Detection Using File-to-file Relations and Enhancing its Security against Adversarial Attacks

“…• We explore the arms race between adversarial malware attack and defense to en-hance the security of machine learning-based detection systems through analyzing adversarial attacks, and formulating secure-learning paradigms to counter the adversarial attacks. Our work on adversarial machinle learning in malware detection has resulted in 5 publications [32,33,28,29,30].…”

“…DroidEye to counter these attacks. In our proposed methods, SecDefender adopts classifier retraining technique on basis of our proposed adversarial attack model AdvAttack and enhances the robustness of the classifier using the security regularization terms; SecureDroid utilizes a novel feature selection method to build more secure classifier by enforcing attackers to increase the adversarial costs and maximize the manipulations, and introduces an ensemble learning approach to aggregate different individual classifiers constructed using our proposed feature selection method to improve system security while not compromising detection accuracy; DroidEye takes advantage of gradient masking for feature space, utilizes count featurization to transform the binary feature space into continuous probabilities encoding the distribution in each class (either benign or malicious) to reduce the adversarial gradient of the learning model, and then introduces softmax function (i.e., normalized exponential function) with adversarial parameter to find the best trade-off between security and accuracy for the classifier by tuning the adversarial parameter [32,33,28,30] (See Section 4.3 for details).…”

“…• We develop practical systems integrating our proposed methods for comprehensive experimental studies on real sample collections from an anti-malware industry company. Specifically, we collect different sample sets from Comodo Cloud Security Center; based on these real sample collections, we construct practical systems based on our proposed methods and provide a series of comprehensive experiments to empirically evaluate the performances of these methods [33,28,32,31,27,30] (See Section 3.2.3, 3.3.3, 4.3.4, 4.4.4, and 4.5.3 for details).…”

“…In sum, by the date of this dissertation, we have had 9 publications [31,27,66,143,32,33,28,29,30] in intelligent malware detection using file-to-file relations and adversarial machine learning in malware detection, including the prestigious IEEE EISIC'2017 Best…”

“…Feature Integration (denoted as f I ). The feature integration of an ensemble is the percentage of features that are included in at least one of the base classifiers, which can be defined as follow: 30) where the feature set F ∈ R d in the ensemble is aggregated by the feature sets F k (k = 1, 2, ..., K) from base classifiers.…”

Intelligent Malware Detection Using File-to-file Relations and Enhancing its Security against Adversarial Attacks

Enhanced DNNs for malware classification with GAN-based adversarial training

Detection and robustness evaluation of android malware classifiers