Yinyuan Zhang, School of Computer Science, Peking University; Key Laboratory of High Confidence Software Technologies (Peking University), Ministry of Education; Cuiying Gao, Huazhong University of Science and Technology; JD.com; Yueming Wu, Nanyang Technological University; Shihan Dou, Fudan University; Cong Wu, Nanyang Technological University; Ying Zhang, Key Laboratory of High Confidence Software Technologies (Peking University), Ministry of Education; National Engineering Research Center of Software Engineering, Peking University; Wei Yuan, Huazhong University of Science and Technology; Yang Liu, Nanyang Technological University
The pervasive adoption of Android as the leading operating system, due to its open-source nature, has simultaneously rendered it a prime target for malicious software attacks. In response, various learning-based Android malware detectors (AMDs) have been developed, achieving notable success in malware identification. However, these detectors are increasingly compromised by adversarial examples (AEs), which are subtly modified inputs designed to evade detection while maintaining malicious functionality. Recently, advanced adversarial example generation tools have been introduced that can reduce the efficacy of popular detectors to 1%. Against this background, to address the critical need for more resilient AMDs, we propose a novel defense mechanism, Harnessing Attack Generativity for Defense Enhancement, i.e., HagDe. HagDe applies iterative perturbations in the direction of gradient ascent to all samples, aiming to exploit the high sensitivity of AEs to perturbations. This method detects adversarial samples by observing the disproportionate increase in the loss function following minor perturbations, which distinguishes them from regular samples. To evaluate HagDe, we conduct an extensive evaluation on 15,000 samples and 15 different attack combinations. The experimental results show that our tool can achieve a defense effectiveness of 88.5% on AdvDroidZero and 90.7% on BagAmmo, representing an increase of 32.45% and 11.28%, respectively, compared to the latest defense methods KD_BU and LID.
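
A toy sketch of the detection idea in the abstract, added here as an illustration and not taken from the HagDe paper or its code: every sample is pushed a few small steps along the loss gradient, and a sample whose loss grows disproportionately is flagged. The logistic-regression detector, its weights, the sign-gradient step, the step size, the threshold and the three feature vectors are all constructed assumptions, including that the evasive sample sits just across the decision boundary.

```python
import math

# Constructed toy detector: logistic regression, P(malicious | x). Not HagDe's model.
W = [2.0, -1.5, 1.0]
B = -0.5

def logit(x):
    return sum(w * xi for w, xi in zip(W, x)) + B

def loss(x, y):
    """Cross-entropy of the detector on x against label y (1 = malicious)."""
    z = logit(x)
    return math.log1p(math.exp(-z)) if y == 1 else math.log1p(math.exp(z))

def loss_increase(x, steps=5, eps=0.05):
    """Perturb x along the loss gradient (ascent) and return the loss growth."""
    y = 1 if logit(x) >= 0 else 0          # label the detector currently assigns
    start, x = loss(x, y), list(x)
    for _ in range(steps):
        p = 1.0 / (1.0 + math.exp(-logit(x)))
        grad = [(p - y) * w for w in W]    # d(loss)/dx for logistic loss
        # Assumed update rule: fixed-size step in the sign of the gradient.
        x = [xi + eps * math.copysign(1.0, g) for xi, g in zip(x, grad)]
    return loss(x, y) - start

def is_suspected_ae(x, threshold=0.3):
    """Flag a sample whose loss rises more than the (assumed) threshold."""
    return loss_increase(x) > threshold

# Constructed feature vectors (hypothetical, not real app features).
BENIGN = [-1.0, 1.0, 0.0]    # confidently classified benign
MALWARE = [1.5, -1.0, 0.0]   # confidently classified malicious
EVASIVE = [0.2, 0.0, 0.0]    # labelled benign, but barely across the boundary

if __name__ == "__main__":
    for name, x in [("benign", BENIGN), ("malware", MALWARE), ("evasive", EVASIVE)]:
        print(f"{name:8s} loss increase={loss_increase(x):.3f} "
              f"suspected_ae={is_suspected_ae(x)}")
```

In this linear toy, any sample close to the boundary shows the same sensitivity, so the threshold only separates the constructed cases; it says nothing about the false-positive rate of the real system.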