Fig 2 - uploaded by Jia Xu
Illustration of the workflow of integrated malware detection and adversary detection.

Source publication
Article
Machine Learning (ML) techniques can facilitate the automation of malicious software (malware for short) detection, but suffer from evasion attacks. Many studies counter such attacks in heuristic manners, lacking theoretical guarantees and defense effectiveness. In this paper, we propose a new adversarial training framework, termed Principl...

Context in source publication

Context 1
... addition, an auxiliary ML model is utilized to detect adversarial examples [21], [23], [37]. Fig. 2 illustrates the workflow when combining malware detection and adversary detection. ...
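The combined workflow that Context 1 refers to, as an added example that is not code from the source publication: a malware detector and an auxiliary adversary detector are applied to the same binary feature vector, and the adversary detector's verdict decides whether the malware detector's output is trusted. Everything concrete here is an assumption made for the illustration: the feature names, the hand-set linear detector weights, the constructed clean training vectors, the gating order (adversary detector first), and the auxiliary model itself, which is a nearest-neighbour distance check calibrated on clean data standing in for whatever auxiliary model the cited works [21], [23], [37] train.

```python
"""Malware detection gated by an auxiliary adversary detector (the Fig. 2 workflow).
Added example with constructed data, not code from the source publication."""
from typing import List, Sequence

Vector = List[int]

# Constructed binary feature space (assumed feature names, not the paper's).
FEATURES = ["perm:SEND_SMS", "perm:INTERNET", "api:getDeviceId", "api:sendTextMessage",
            "api:Runtime.exec", "intent:BOOT_COMPLETED", "api:Log.d",
            "perm:ACCESS_NETWORK_STATE"]

# Hand-set linear malware detector: stands in for a trained model (assumption).
WEIGHTS = [1.2, 0.2, 0.8, 1.4, 1.0, 0.6, -1.0, -0.8]
BIAS = -2.0

# Constructed clean training vectors; both classes together form the reference
# set that the adversary detector compares new inputs against.
CLEAN_BENIGN: List[Vector] = [[0, 1, 0, 0, 0, 0, 1, 1],
                              [0, 1, 0, 0, 0, 0, 1, 0],
                              [0, 1, 0, 0, 0, 0, 0, 1]]
CLEAN_MALWARE: List[Vector] = [[1, 1, 1, 1, 0, 1, 0, 0],
                               [1, 1, 1, 1, 1, 1, 0, 0],
                               [1, 1, 0, 1, 0, 1, 0, 0]]
CLEAN_REFERENCE: List[Vector] = CLEAN_BENIGN + CLEAN_MALWARE


def malware_score(x: Vector) -> float:
    return sum(w * xi for w, xi in zip(WEIGHTS, x)) + BIAS


def is_malware(x: Vector) -> bool:
    """Malware detector verdict on its own (no adversary check)."""
    return malware_score(x) > 0


def hamming(a: Vector, b: Vector) -> int:
    return sum(ai != bi for ai, bi in zip(a, b))


def nn_distance(x: Vector, reference: Sequence[Vector]) -> int:
    """Distance from x to its nearest clean training vector."""
    return min(hamming(x, r) for r in reference)


def calibrate_threshold(reference: List[Vector]) -> int:
    """Largest leave-one-out nearest-neighbour distance among clean data; an
    input farther from the clean set than that is treated as adversarial."""
    return max(nn_distance(r, reference[:i] + reference[i + 1:])
               for i, r in enumerate(reference))


THRESHOLD = calibrate_threshold(CLEAN_REFERENCE)


def is_adversarial(x: Vector, reference: Sequence[Vector] = CLEAN_REFERENCE,
                   threshold: int = THRESHOLD) -> bool:
    """Auxiliary adversary detector (assumed: nearest-neighbour distance check)."""
    return nn_distance(x, reference) > threshold


def integrated_detect(x: Vector) -> str:
    """Assumed Fig. 2 ordering: the adversary detector gates the input, and a
    flagged sample is routed to analysis instead of trusting the malware
    detector's verdict on it."""
    if is_adversarial(x):
        return "adversarial"
    return "malware" if is_malware(x) else "benign"


def add_features(x: Vector, names: Sequence[str]) -> Vector:
    """Feature-addition evasion: switch on extra, benign-looking features."""
    x = list(x)
    for n in names:
        x[FEATURES.index(n)] = 1
    return x


def evasion_attempt() -> Vector:
    """A known malware sample padded with two benign-looking features."""
    return add_features(CLEAN_MALWARE[2], ["api:Log.d", "perm:ACCESS_NETWORK_STATE"])


if __name__ == "__main__":
    evading = evasion_attempt()
    print("malware detector alone:", is_malware(evading))      # False: evaded
    print("integrated workflow:", integrated_detect(evading))   # adversarial
```

The padded sample pushes the linear score below zero, so the malware detector alone calls it benign, but it is two feature flips away from any clean vector while every clean vector has a neighbour at distance one, so the auxiliary detector flags it. The same mechanism is the detector's weakness: a legitimate app unlike anything in the training set is also reported as adversarial, and an attacker who knows the threshold can keep the perturbation within it, which is the adaptive-attack concern the citing works raise.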

Similar publications

Article
In recent years, malware has experienced explosive growth and has become one of the most severe security threats. However, traditional machine learning-based malware classification is easily restricted by feature engineering and is hard-pressed to deal with massive amounts of malware. At the same time, the dynamic analysis methods have the problems of complex op...

Citations

... Adversarial Training. This solution effectively strengthens the robustness of detection models against certain attacks by recursively feeding crafted adversarial examples of this class into the training dataset [39], [40]. However, it may be unable to resist adversarial examples that are not seen in training. ...
Article
Machine learning (ML) has been widely adopted for Android malware detection to deal with serious threats brought by explosive malware attacks. However, it has been recently proven that ML-based detection systems exhibit inherent vulnerabilities to evasion attacks, which inject adversarial perturbations into a malicious app to hide its malicious behaviors and evade detection. To date, researchers have not found effective solutions for this critical problem. Although there are some similar works in the image classification field, most of those ideas cannot be borrowed due to the significant differences between images and Android apps. In this paper, we exploit Moving Target Defense (MTD) to continually change the attack surface of the protected detector and create uncertainty on the attacker side. We thus propose a novel Android malware detection framework named MTDroid, which fully leverages a seamless blend of dynamicity, diversity, and heterogeneity to mitigate the impact of evasion attacks. To this end, we develop a dynamic model pool to decrease the exposure time of a single classifier, by building and rebuilding multiple heterogeneous models with distinct data. We then generate diversified variant models to provide defensive measures against various attacks, and further improve robustness through ensemble learning. Specifically, we propose a two-stage selection algorithm to optimize the ensemble learning process, and design a hybrid update strategy to refresh the framework dynamically. The experimental results show that MTDroid significantly enhances the robustness against a wide range of attacks and outperforms the state-of-the-art methods on three popular practical datasets.
... For historical hydrological data that have not undergone reorganization, we use deep learning methods [25,26] to establish a predictive control model. The model, based on the temporal continuity, periodicity, seasonality, and spatial positions on the time scale of hydrological data, establishes a Periodic Temporal LSTM Predictive Control Model (PT-LSTM). ...
Article
The quality of hydrological data has a significant impact on hydrological models, where stable and anomaly-free hydrological time series typically yield more valuable patterns. In this paper, we conduct data analysis and propose an online hydrological data quality control method based on an adaptive differential evolution algorithm according to the characteristics of hydrological data. Taking into account the characteristics of continuity, periodicity, and seasonality, we develop a Periodic Temporal Long Short-Term Memory (PT-LSTM) predictive control model. Building upon the real-time nature of the data, we apply the Adaptive Differential Evolution algorithm to optimize PT-LSTM, creating an Online Composite Predictive Control Model (OCPT-LSTM) that provides confidence intervals and recommended values for control and replacement. The experimental results demonstrate that the proposed data quality control method effectively manages data quality; detects data anomalies; provides suggested values; reduces reliance on manual intervention; provides a solid data foundation for hydrological data analysis work; and helps hydrological personnel in water resource scheduling, flood control, and other related tasks. Meanwhile, the proposed method can also be applied to the analysis of time series data in other industries.
... So far, adversarial training-based methods have shown great potential to safeguard ML models from evasion attacks [18], [19], [20]. By augmenting the training dataset with generated adversarial samples, adversarial training can increase the robustness of the trained model in future use. ...
... These attacks provide attackers with the capability to compromise the victim via a combination of multiple attack methods and manipulations. For instance, Li et al. [20] proposed a series of ensemble-based attacks, including the "Max" strategy enabled Mixture of Attacks (MaxMA), iterative MaxMA (iMaxMA), and Stepwise Mixture of Attacks (StepwiseMA), which effectively enhance the attack performance. Additionally, Croce and Hein [39] combined powerful attacks to create an ensemble attack named AutoAttack, which demonstrates strong generalization across different models. ...
... The APK is mapped into the feature space as a binary feature vector, in which we can have 0 or 1 along each dimension, indicating the presence or absence of the corresponding feature. Following prior work [20], we exclude certain features that can be easily renamed or modified (e.g., package name) and retain the most frequent 10,000 ones in this study. Defenses considered for comparative analysis. ...
Preprint
Machine learning (ML) has gained significant adoption in Android malware detection to address the escalating threats posed by the rapid proliferation of malware attacks. However, recent studies have revealed the inherent vulnerabilities of ML-based detection systems to evasion attacks. While efforts have been made to address this critical issue, many of the existing defensive methods encounter challenges such as lower effectiveness or reduced generalization capabilities. In this paper, we introduce a novel Android malware detection method, MalPurifier, which exploits adversarial purification to eliminate perturbations independently, resulting in attack mitigation in a light and flexible way. Specifically, MalPurifier employs a Denoising AutoEncoder (DAE)-based purification model to preprocess input samples, removing potential perturbations from them and then leading to correct classification. To enhance defense effectiveness, we propose a diversified adversarial perturbation mechanism that strengthens the purification model against different manipulations from various evasion attacks. We also incorporate randomized "protective noises" onto benign samples to prevent excessive purification. Furthermore, we customize a loss function for improving the DAE model, combining reconstruction loss and prediction loss, to enhance feature representation learning, resulting in accurate reconstruction and classification. Experimental results on two Android malware datasets demonstrate that MalPurifier outperforms the state-of-the-art defenses, and it significantly strengthens the vulnerable malware detector against 37 evasion attacks, achieving accuracies over 90.91%. Notably, MalPurifier demonstrates easy scalability to other detectors, offering flexibility and robustness in its implementation.
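Two of the citation snippets above describe concrete procedures: the feature mapping (an APK becomes a binary presence vector, trivially renameable features such as the package name are excluded, and only the most frequent features are kept) and adversarial training (the training set is augmented with crafted adversarial examples and the model retrained, which helps against the attack class seen in training). The following is an added example of both, not code from the source publication or from the citing papers. The corpus, the feature strings, the "pkg:"/"cls:" exclusion rule, the perceptron used as the detector and the greedy feature-addition attack are all assumptions made for the illustration, and the cutoff is 7 features instead of 10,000 so the resulting vocabulary can be read by eye.

```python
"""Binary APK feature vectors, feature-addition evasion and adversarial training.
Added example: constructed data and a toy perceptron, not the cited papers' code."""
from collections import Counter
from typing import Dict, List, Sequence, Set, Tuple

# Constructed corpus of (label, extracted feature set); 1 = malware, 0 = benign.
# Feature strings are made up. 'pkg:'/'cls:' entries stand for the trivially
# renameable features the text says are excluded (assumed prefixes).
CORPUS: List[Tuple[int, Set[str]]] = [
    (0, {"perm:INTERNET", "api:Log.d", "perm:ACCESS_NETWORK_STATE",
         "pkg:com.a.weather", "cls:Lcom/a/weather/Main;"}),
    (0, {"perm:INTERNET", "api:Log.d", "api:WebView.loadUrl", "pkg:com.b.news"}),
    (0, {"perm:INTERNET", "perm:ACCESS_NETWORK_STATE", "api:WebView.loadUrl",
         "pkg:com.c.shop"}),
    (1, {"perm:SEND_SMS", "api:SmsManager.sendTextMessage", "perm:INTERNET",
         "api:TelephonyManager.getDeviceId", "pkg:com.x.game"}),
    (1, {"perm:SEND_SMS", "api:SmsManager.sendTextMessage", "perm:READ_PHONE_STATE",
         "api:TelephonyManager.getDeviceId", "pkg:com.y.tool"}),
    (1, {"perm:SEND_SMS", "api:Runtime.exec", "perm:INTERNET",
         "api:TelephonyManager.getDeviceId", "pkg:com.z.util"}),
]
RENAMEABLE_PREFIXES = ("pkg:", "cls:")
Vector = List[int]


def build_vocabulary(corpus: Sequence[Tuple[int, Set[str]]], top_k: int) -> List[str]:
    """Drop renameable features, keep the top_k most frequent of the rest."""
    counts: Counter = Counter()
    for _, feats in corpus:
        counts.update(f for f in feats if not f.startswith(RENAMEABLE_PREFIXES))
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))  # stable ties
    return [f for f, _ in ranked[:top_k]]


def vectorize(feats: Set[str], vocab: Sequence[str]) -> Vector:
    """Binary presence vector: 1 where the app has the feature, else 0."""
    return [1 if f in feats else 0 for f in vocab]


def score(w: Sequence[float], b: float, x: Vector) -> float:
    return sum(wi * xi for wi, xi in zip(w, x)) + b


def predict_malware(w: Sequence[float], b: float, x: Vector) -> bool:
    return score(w, b, x) > 0


def train_perceptron(samples: Sequence[Tuple[Vector, int]], max_epochs: int = 500):
    """Plain perceptron on {-1,+1} labels; converges on linearly separable data."""
    w = [0.0] * len(samples[0][0])
    b = 0.0
    for _ in range(max_epochs):
        errors = 0
        for x, y in samples:
            if y * score(w, b, x) <= 0:
                w = [wi + y * xi for wi, xi in zip(w, x)]
                b += y
                errors += 1
        if errors == 0:
            break
    return w, b


def feature_addition_attack(x: Vector, w: Sequence[float], b: float, budget: int) -> Vector:
    """Greedy evasion that only ADDS features (so the app keeps working): switch
    on the absent feature with the most negative weight until classified benign."""
    x = list(x)
    for _ in range(budget):
        if not predict_malware(w, b, x):
            break
        candidates = [(w[i], i) for i in range(len(x)) if x[i] == 0 and w[i] < 0]
        if not candidates:
            break
        x[min(candidates)[1]] = 1
    return x


def adversarial_training_demo(corpus=CORPUS, top_k: int = 7, budget: int = 3) -> Dict:
    vocab = build_vocabulary(corpus, top_k)
    clean = [(vectorize(f, vocab), 1 if label else -1) for label, f in corpus]
    w, b = train_perceptron(clean)
    malicious = [(i, x) for i, (x, y) in enumerate(clean) if y == 1]

    # Round 1: attack the clean-trained model; keep every example that evades.
    evaded_before, augmented = [], list(clean)
    for i, x in malicious:
        adv = feature_addition_attack(x, w, b, budget)
        if not predict_malware(w, b, adv):
            evaded_before.append(i)
            augmented.append((adv, 1))  # the evading variant is still malware

    # Round 2: retrain on clean + adversarial examples, re-run the same attack.
    w2, b2 = train_perceptron(augmented)
    evaded_after = [i for i, x in malicious
                    if not predict_malware(w2, b2, feature_addition_attack(x, w2, b2, budget))]
    return {"vocab": vocab, "weights_before": w, "weights_after": w2,
            "evaded_before": evaded_before, "evaded_after": evaded_after}


if __name__ == "__main__":
    print(adversarial_training_demo())
```

On this constructed corpus the first model gives the two benign-only features (api:Log.d and perm:ACCESS_NETWORK_STATE) negative weight, and one of the three malware samples evades it by adding both. After that example is appended to the training set with its malware label and the model is retrained, the weights on the malicious features grow and the same attack no longer succeeds against any sample. This is exactly the robustness the snippets describe, robustness to the attack class that was fed into training; the caveat in the first citation still applies, since a perturbation type absent from the augmented set is not covered, which is why adversarial examples have to be regenerated against each retrained model rather than reused.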