GenDroid: A query-efficient black-box android adversarial attack framework

Abstract

The security problems of Android applications have been gradually exposed with the increasing popularity of the Android OS. Machine learning (ML) and deep learning (DL) based Android malware detection is still suffering from adversarial attacks, although it has better performance than traditional methods. In this paper, we propose a query-efficient black-box attack method called GenDroid, which can generate high-quality Android adversarial examples with a low number of queries. We take GenDroid as an attack framework and extend it with the attention mechanism and JSMA algorithm to improve the efficiency of adversarial example production. We evaluate the effectiveness of our attack on two state-of-the-art Android malware detection schemes, Drebin and MaMaDroid. Compared with four state-of-the-art adversarial attacks on real-world datasets, GenDroid achieves higher misclassification rates with significantly the fewest number of queries on the two datasets. In addition, we have validated the effectiveness of our attack on real-world commercial anti-virus engines. Finally, to enhance the security of Android malware detector and defend against the GenDroid attack, we use combined features consisting of the associated Android features, the spatial properties of Android adversarial examples and the uncertainty to detect adversarial examples, which can achieve a high detection rate of 95.71%.