Abstract
Android has become the most popular platform for mobile devices, and also it has become a popular target for malware developers. At the same time, researchers have proposed a large number of methods, both static and dynamic analysis methods, to fight against malwares. Among these, Machine learning based methods are quite effective in Android malware detection, the accuracy of which can be up to 98%. Thus, malware developers have the incentives to develop more advanced malwares to evade detection. This paper presents an adversary attack pattern that will compromise current machine learning based malware detection methods. The malware developers can perform this attack easily by splitting malicious payload into two or more apps. The split apps will all be classified as benign by current methods. Thus, we proposed a method to deal with this issue. This approach, realized in a tool, called ColluDroid, can identify the collusion apps by analyzing the communication between apps. The evaluation results show that ColluDroid is effective in finding out the collusion apps. Also, we showed that it’s easy to split an app to evade detection. According to our split simulation, the evasion rate is 78%, when split into two apps; while the evasion rate comes to 94.8%, when split into three apps.
This research is supported in part by the project of National Science Foundation of China (NSFC)under grant No. 61601483, No. 61602503; the program of Changjiang Scholars and Innovative Research Team in University (No. IRT1012).
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Arp, D., Spreitzenbarth, M.: DREBIN: effective and explainable detection of android malware in your pocket. NDSS 14, 23–26 (2014)
Boyabatli, O., Sabuncuoglu, I.: Parameter selection in genetic algorithms. J. Systemics Cybern. Inf. 4(2), 78 (2004)
Chen, L., Ye, Y.: SecMD: make machine learning more secure against adversarial malware attacks. In: Peng, W., Alahakoon, D., Li, X. (eds.) AI 2017. LNCS (LNAI), vol. 10400, pp. 76–89. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63004-5_7
Chin, E., Felt, A.P., Greenwood, K., Wagner, D.: Analyzing inter-application communication in Android. In: Proceedings of the 9th international Conference on Mobile Systems, Applications, and Services, pp. 239–252. ACM (2011)
Faruki, P., et al.: Android security: a survey of issues, malware penetration and defenses. IEEE Commun. Surv. Tutorials PP(99), 1 (2015)
Grosse, K., Papernot, N., Manoharan, P., et al.: Adversarial perturbations against deep neural networks for malware classification. arXiv, June 2016
Hastie, T., Tibshirani, R., Friedman, J.: The Elements of Statistical Learning: Data mining, Inference, and Prediction, vol. 2. Springer, New York (2001). https://doi.org/10.1007/978-0-387-84858-7
Hou, S., Ye, Y., Song, Y., Abdulhayoglu, M.: HinDroid: an intelligent android malware detection system based on structured heterogeneous information network. In: KDD 2017, pp. 1507–1515. ACM Press, New York (2017)
Lam, P., Bodden, E., Lhoták, O., Hendren, L.: The soot framework for Java program analysis: a retrospective. In: Cetus Users and Compiler Infastructure Workshop (CETUS 2011), vol. 15, p. 35 (2011)
Liang, Z., Liu, H., Qiao, L., Feng, Y., Chen, W.: Improving stereo matching by incorporating geometry prior into convnet. Electron. Lett. 53(17), 1194–1196 (2017)
Lockheimer, H.: Android and security (2012). http://googlemobile.blogspot.com/2012/02/android-and-security.html
McAfee: Mobile threat report - McAfee (2017). https://www.mcafee.com/us/resources/reports/rp-mobile-threat-report-2017.pdf
Octeau, D., Luchaup, D., Dering, M., et al.: Composite constant propagation: application to android inter-component communication analysis. In: Proceedings - International Conference on Software Engineering, vol. 1, pp. 77–88 (2015)
Qiao, L., Zhang, B., Lu, X., Su, J.: Adaptive linearized alternating direction method of multipliers for non-convex compositely regularized optimization problems. Tsinghua Sci. Technol. 22(3), 328–341 (2017)
Roman, U., Fedor, S., Denis, P., Alexander, L.: It threat evolution q3 2017. statistics (2017). https://securelist.com/it-threat-evolution-q3-2017-statistics/83131/
Securelist: Mobile malware evolution: 2013 (2013). https://securelist.com/mobile-malware-evolution-2013/58335/
Zhang, M., Duan, Y., Yin, H., Zhao, Z.: Semantics-aware android malware classification using weighted contextual API dependency graphs. In: CCS 2014, pp. 1105–1116 (2014)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Chen, H., Su, J., Qiao, L., Zhang, Y., Xin, Q. (2018). Malware Collusion Attack Against Machine Learning Based Methods: Issues and Countermeasures. In: Sun, X., Pan, Z., Bertino, E. (eds) Cloud Computing and Security. ICCCS 2018. Lecture Notes in Computer Science(), vol 11067. Springer, Cham. https://doi.org/10.1007/978-3-030-00018-9_41
Download citation
DOI: https://doi.org/10.1007/978-3-030-00018-9_41
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-00017-2
Online ISBN: 978-3-030-00018-9
eBook Packages: Computer ScienceComputer Science (R0)