DOI: 10.1145/3576915.3623117
research-article

Efficient Query-Based Attack against ML-Based Android Malware Detection under Zero Knowledge Setting

Published: 21 November 2023

Abstract

The widespread adoption of the Android operating system has made malicious Android applications an appealing target for attackers. Machine learning-based (ML-based) Android malware detection (AMD) methods are crucial in addressing this problem; however, their vulnerability to adversarial examples raises concerns. Current attacks against ML-based AMD methods demonstrate remarkable performance but rely on strong assumptions that may not be realistic in real-world scenarios, e.g., knowledge of the feature space, model parameters, and training dataset. To address this limitation, we introduce AdvDroidZero, an efficient query-based attack framework against ML-based AMD methods that operates under the zero knowledge setting. Our extensive evaluation shows that AdvDroidZero is effective against various mainstream ML-based AMD methods, in particular state-of-the-art methods and real-world antivirus solutions.

Cited By

  • (2024) MaskDroid: Robust Android Malware Detection with Masked Graph Representations. Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering (331-343). DOI: 10.1145/3691620.3695008. Online publication date: 27-Oct-2024
  • (2024) FAMCF: A few-shot Android malware family classification framework. Computers & Security 146 (104027). DOI: 10.1016/j.cose.2024.104027. Online publication date: Nov-2024

Published In

CCS '23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security
November 2023
3722 pages
ISBN: 9798400700507
DOI: 10.1145/3576915
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. adversarial android malware
  2. machine learning security
  3. malware

Qualifiers

  • Research-article

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
