Abstract
Malware analysis and detection is an arms race between malware authors and the anti-malware community. Most current smartphone antivirus products rely on signature-, heuristic- and behaviour-based mechanisms, which cannot detect advanced polymorphic and metamorphic malware. Recently, researchers have built state-of-the-art Android malware detection systems on machine learning and deep learning. These models, however, are vulnerable to adversarial attacks that threaten the anti-malware ecosystem. In this work we therefore investigate the robustness of Android malware detection models against adversarial attacks. We craft adversarial examples with reinforcement learning against detection models built from a range of classical, bagging, boosting and deep learning algorithms. We design two attack strategies, a single-policy and a multi-policy attack, for the white-box and grey-box scenarios, which differ in the adversary's knowledge of the target system. The attack uses Q-learning: a malicious application is modified to generate variants that the detection models misclassify. The goal of the attack policy is to convert as many Android applications as possible into misclassified variants with as few modifications as possible, while preserving the functional and behavioural integrity of each application. Preliminary results show an average fooling rate of around 40% across twelve distinct detection models based on different classification algorithms. We are also designing defences against these attacks using model retraining and distillation.
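The following is an added example, not code from the paper, that shows the single-policy, grey-box version of the attack the abstract describes in miniature: a tabular Q-learning agent that only observes a detector's verdict learns which features to add to a malicious app so that the verdict flips, with a per-modification cost so that the policy prefers few changes. Everything in it is constructed for illustration: the 8-bit feature vector of permission/API flags, the fixed linear detector standing in for a trained ML/DL model, and the four malware samples. The one security-relevant design constraint is that actions only ever add a flag (an unused permission or an unreachable API call), never remove one, which is how the app's original functionality is preserved; the multi-policy variant, where a separate policy is trained per target model, is not shown.

```python
"""Added example: tabular Q-learning evasion attack on a toy Android
malware detector (grey-box: the attacker sees only the verdict).

Constructed assumptions: an app is an 8-bit vector of feature flags, the
detector is a fixed linear scorer (stand-in for a trained model), and the
only allowed action is ADDING a flag, which keeps the app's behaviour intact.
"""
import random

FEATURES = ["SEND_SMS", "READ_CONTACTS", "RECEIVE_BOOT_COMPLETED", "INTERNET",
            "ACCESS_FINE_LOCATION", "CAMERA", "VIBRATE", "BLUETOOTH"]
# Constructed detector: positive weights push towards the "malware" verdict.
WEIGHTS = [5.0, 2.0, 2.0, 0.5, -1.0, -1.5, -2.0, -1.0]
BIAS = -3.0

# Constructed malware samples; all are flagged as malware by the detector.
MALWARE = {
    "A": (1, 1, 1, 1, 0, 0, 0, 0),   # cannot be evaded by additions alone
    "B": (1, 0, 1, 1, 0, 0, 0, 0),   # needs 3 additions
    "C": (0, 1, 1, 1, 0, 0, 0, 0),   # needs 1 addition
    "D": (1, 1, 0, 1, 0, 1, 0, 0),   # needs 2 additions
}


def is_malware(x):
    """Grey-box oracle: the attacker only ever sees this boolean."""
    return sum(w * xi for w, xi in zip(WEIGHTS, x)) + BIAS > 0


def valid_actions(x):
    """Only flags that are still 0 can be added (no removals, ever)."""
    return [i for i, bit in enumerate(x) if bit == 0]


def apply(x, action):
    y = list(x)
    y[action] = 1
    return tuple(y)


def step(x, action):
    """Transition: +10 when the verdict flips, else -1 per modification.
    The -1 cost is what pushes the policy towards minimal changes."""
    y = apply(x, action)
    if not is_malware(y):
        return y, 10.0, True
    return y, -1.0, len(valid_actions(y)) == 0


def greedy(q, x):
    """Best known action in state x; unseen pairs default to Q = 0."""
    return max(valid_actions(x), key=lambda a: q.get((x, a), 0.0))


def train(samples, episodes=8000, alpha=1.0, gamma=0.9, epsilon=0.3, seed=0):
    """Single-policy Q-learning: one Q-table shared across all samples.
    The environment is deterministic, so a full-step learning rate is exact."""
    rng = random.Random(seed)
    q = {}
    for _ in range(episodes):
        x = rng.choice(samples)
        done = False
        while not done:
            acts = valid_actions(x)
            a = rng.choice(acts) if rng.random() < epsilon else greedy(q, x)
            y, r, done = step(x, a)
            future = 0.0 if done else max(q.get((y, b), 0.0) for b in valid_actions(y))
            old = q.get((x, a), 0.0)
            q[(x, a)] = old + alpha * (r + gamma * future - old)
            x = y
    return q


def attack(q, x):
    """Greedy rollout of the learned policy: returns (evaded, variant, added)."""
    added = []
    while is_malware(x) and valid_actions(x):
        a = greedy(q, x)
        x = apply(x, a)
        added.append(FEATURES[a])
    return (not is_malware(x)), x, added


def run_experiment(episodes=8000):
    """Train once, then attack every sample; returns per-sample results
    and the fooling rate (fraction of samples now classified benign)."""
    q = train(list(MALWARE.values()), episodes=episodes)
    results = {name: attack(q, x) for name, x in MALWARE.items()}
    fooled = sum(1 for ok, _, _ in results.values() if ok)
    return results, fooled / len(MALWARE)


if __name__ == "__main__":
    results, rate = run_experiment()
    for name, (ok, variant, added) in results.items():
        print(f"{name}: {'evaded' if ok else 'still detected'} after adding {added}")
    print(f"fooling rate: {rate:.2f}")
```

Two points are worth checking on any real run of this kind of attack. First, the functional-integrity constraint is enforced structurally (every variant is a superset of the original feature vector), not by trusting the policy; a practitioner should still execute the modified APK to confirm behaviour is unchanged. Second, sample A shows that some malware cannot be evaded by additive changes alone, which is why the abstract reports a fooling rate rather than assuming every sample converts. Replacing `is_malware` with a query to a trained classifier is all that is needed to point the same loop at a real model.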