Identification of Adversarial Android Intents using Reinforcement Learning

Abstract

Android malware has grown manifold in the last decade and has become a threat to the ecosystem. Recently published literature suggests that the data mining based models have shown promising results in android malware detection. However, adversaries can identify vulnerabilities in these detection models using adversarial learning. Adversaries can further exploit these vulnerabilities by performing adversarial attacks on these detection models and reduce their performance. Therefore in this work, we first put ourselves in the adversary's shoes and propose an evasion attack to find vulnerabilities in various malware detection models using reinforcement learning. The attack aims to add perturbation(s) in malware samples to generate adversarial samples such that they are forcefully misclassified as benign samples by the malware detection models. The attack is designed for a limited knowledge scenario where an adversary does not know the learning algorithm used to build detection models, which is similar to a real-world scenario. We validated the proposed adversarial attack against ten malware detection models constructed using different learning algorithms. Our proposed attack with limited knowledge and capabilities accomplish more than 58% forced misclassification rate against all ten detection models. We also identified ten vulnerable intents that an adversary could exploit to decrease the performance of malware detection models. Lastly, we propose a defense against evasion attacks to increase the adversarial robustness of all malware detection models.