On defending against label flipping attacks on malware detection systems

Taheri, Rahim; Javidan, Reza; Shojafar, Mohammad; Pooranian, Zahra; Miri, Ali; Conti, Mauro

doi:10.1007/s00521-020-04831-9

Cited by 73 publications

(43 citation statements)

References 24 publications

(33 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They also have write access. Although they cannot change the label (as in label flipping [91]) or modify the features of existing training samples, they are allowed to inject new samples in the training dataset. The adversary also knows the features used by the detector -which correspond to the features representing the samples of the training dataset.…”

Section: Case Studiesmentioning

confidence: 99%

Modeling Realistic Adversarial Attacks against Network Intrusion Detection Systems

et al. 2022

View full text Add to dashboard Cite

The incremental diffusion of machine learning algorithms in supporting cybersecurity is creating novel defensive opportunities but also new types of risks. Multiple researches have shown that machine learning methods are vulnerable to adversarial attacks that create tiny perturbations aimed at decreasing the effectiveness of detecting threats. We observe that existing literature assumes threat models that are inappropriate for realistic cybersecurity scenarios because they consider opponents with complete knowledge about the cyber detector or that can freely interact with the target systems. By focusing on Network Intrusion Detection Systems based on machine learning methods, we identify and model the real capabilities and circumstances that are necessary for an attacker to carry out a feasible and successful adversarial attack. We then apply our model to several adversarial attacks proposed in literature and highlight the limits and merits that can result in actual adversarial attacks. The contributions of this paper can help hardening defensive systems by letting cyber defenders address the most critical and real issues, and can benefit researchers by allowing them to devise novel forms of adversarial attacks based on realistic threat models.

show abstract

Section: Case Studiesmentioning

confidence: 99%

Modeling Realistic Adversarial Attacks against Network Intrusion Detection Systems

et al. 2022

View full text Add to dashboard Cite

show abstract

“…Reactive countermeasures are only able to detect adversarial behaviour after the neural network has been built and deployed. Reactive countermeasures could be input reconstruction, and data sanitation, which could be performed using multiple classifier systems or statistical analysis [21,38]. Yuan et al propose re-training to be a proactive countermeasure against adversaries, as adversarial training could prepare a model in an improved manner [16].…”

Section: Related Workmentioning

confidence: 99%

Launching Adversarial Attacks against Network Intrusion Detection Systems for IoT

Papadopoulos

Essen

Pitropakis

et al. 2021

JCP

View full text Add to dashboard Cite

As the internet continues to be populated with new devices and emerging technologies, the attack surface grows exponentially. Technology is shifting towards a profit-driven Internet of Things market where security is an afterthought. Traditional defending approaches are no longer sufficient to detect both known and unknown attacks to high accuracy. Machine learning intrusion detection systems have proven their success in identifying unknown attacks with high precision. Nevertheless, machine learning models are also vulnerable to attacks. Adversarial examples can be used to evaluate the robustness of a designed model before it is deployed. Further, using adversarial examples is critical to creating a robust model designed for an adversarial environment. Our work evaluates both traditional machine learning and deep learning models’ robustness using the Bot-IoT dataset. Our methodology included two main approaches. First, label poisoning, used to cause incorrect classification by the model. Second, the fast gradient sign method, used to evade detection measures. The experiments demonstrated that an attacker could manipulate or circumvent detection with significant probability.

show abstract

“…is gives rise to an alternative static analysis method that uses multiple static features to detect malware. For this purpose, the executable application (APK) is reverse engineered from which relevant features are extracted for analysis and detection, such as API [11][12][13], permission [14,15], intents [16], function call graph [17,18], and control follow [19]. Arora et al [20] proposed a novel detection model, called PermPair, which detects malware by mining the combination of permissions from the AndroidManifest.xml on applications.…”

Section: Related Workmentioning

confidence: 99%

FB2Droid: A Novel Malware Family-Based Bagging Algorithm for Android Malware Detection

Shao

Xiong

Cai

2021

Security and Communication Networks

View full text Add to dashboard Cite

As the number of Android malware applications continues to grow at a high rate, detecting malware to protect the system security and user privacy is becoming increasingly urgent. Each malware application belongs to a specific family, and there is a gap in the number of malware families. The accuracy of detection can be improved if malware family information is well utilized and certain strategies are adopted to balance the variability among samples. In addition, the performance of a base classifier is limited. If an ensemble classifier or an ensemble method can be adopted, the detection effect can be further improved. Therefore, this paper proposes a novel malware family-based bagging algorithm for Android malware detection, called FB2Droid, to perform malware detection. First, five features are extracted from the Android application package. Then, the relief feature selection algorithm is used for feature selection. Next, we designed two different sampling strategies based on different families of malware to alleviate the sample imbalance in the dataset. Combined with the two sampling strategies, the traditional bagging algorithm is improved to integrate the classifier. In the experiment, several classifiers were used to evaluate the proposed scheme. The experimental results show that the proposed sampling strategy and the improved bagging algorithm can effectively improve the detection accuracy of these classifiers.

show abstract

On defending against label flipping attacks on malware detection systems

Cited by 73 publications

References 24 publications

Modeling Realistic Adversarial Attacks against Network Intrusion Detection Systems

Modeling Realistic Adversarial Attacks against Network Intrusion Detection Systems

Launching Adversarial Attacks against Network Intrusion Detection Systems for IoT

FB2Droid: A Novel Malware Family-Based Bagging Algorithm for Android Malware Detection

Contact Info

Product

Resources

About