Label-Flipping Attacks in the Context of Android Malware Detection: An Experimental Analysis
Abstract
In this paper, we experimentally analyze seven datasets and three ML models under three label-flipping attacks, organized into six classification noise rates. The results indicate that the different adversarial label-flipping algorithms can significantly degrade model performance, and they support the importance of developing defensive strategies to increase the security and effectiveness of ML models in the context of Android malware detection.
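The shape of such an experiment can be reproduced on a small scale; the following is an added example and not the paper's own code. It builds a constructed dataset of binary permission-like features, applies uniformly random label flipping to the training labels at each of six assumed noise rates, trains a 1-nearest-neighbour detector (assumed here because its error under random flips tracks the flip rate; the paper's models are not described on this page), and measures the Matthews correlation coefficient on a clean test set.

```python
import random

# Constructed toy data (not from the paper): 10 binary permission-like features.
# Malware samples tend to set features 0-4, benign samples tend to set features 5-9.
def make_dataset(n_per_class, rng, p_on=0.9):
    xs, ys = [], []
    for label in (1, 0):  # 1 = malware, 0 = benign
        active = range(0, 5) if label == 1 else range(5, 10)
        for _ in range(n_per_class):
            xs.append([int((rng.random() < p_on) == (i in active)) for i in range(10)])
            ys.append(label)
    return xs, ys

def flip_labels(ys, rate, rng):
    """Uniformly random label flipping: exactly round(rate * n) training labels inverted."""
    poisoned = list(ys)
    for i in rng.sample(range(len(ys)), round(rate * len(ys))):
        poisoned[i] = 1 - poisoned[i]
    return poisoned

def predict_1nn(train_x, train_y, x, rng):
    """1-nearest-neighbour by Hamming distance; ties are broken at random."""
    dists = [sum(a != b for a, b in zip(tx, x)) for tx in train_x]
    best = min(dists)
    return train_y[rng.choice([j for j, d in enumerate(dists) if d == best])]

def mcc(y_true, y_pred):
    """Matthews correlation coefficient in [-1, 1]; 0.0 when undefined."""
    tp = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 1)
    tn = sum(1 for t, p in zip(y_true, y_pred) if t == 0 and p == 0)
    fp = sum(1 for t, p in zip(y_true, y_pred) if t == 0 and p == 1)
    fn = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 0)
    denom = ((tp + fp) * (tp + fn) * (tn + fp) * (tn + fn)) ** 0.5
    return (tp * tn - fp * fn) / denom if denom else 0.0

def run_experiment(rates, seed=0):
    """Train on labels flipped at each noise rate, score on the same clean test set."""
    rng = random.Random(seed)
    train_x, train_y = make_dataset(200, rng)
    test_x, test_y = make_dataset(100, rng)
    results = {}
    for rate in rates:
        poisoned = flip_labels(train_y, rate, rng)
        preds = [predict_1nn(train_x, poisoned, x, rng) for x in test_x]
        results[rate] = mcc(test_y, preds)
    return results

if __name__ == "__main__":  # six assumed noise rates, not the paper's
    for rate, score in run_experiment([0.0, 0.1, 0.2, 0.3, 0.4, 0.5]).items():
        print(f"noise rate {rate:.1f}: MCC = {score:+.3f}")
```

With this learner the MCC falls roughly in proportion to the flip rate; a learner that averages over many neighbours or estimates class-conditional frequencies degrades much less under random flips, which is why the choice of attack algorithm and model matters in such an evaluation.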
Published
18/09/2023
How to Cite
PONTES, Jonas; FEITOSA, Eduardo; ROCHA, Vanderson; SOUTO, Eduardo; KREUTZ, Diego. Ataques de Mudança de Rótulo no Contexto da Detecção de Malwares Android: Uma Análise Experimental. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 23., 2023, Juiz de Fora/MG. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2023. p. 321-334. DOI: https://doi.org/10.5753/sbseg.2023.233592.