当前位置:
X-MOL 学术
›
IEEE Trans. Inform. Forensics Secur.
›
论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
MTDroid: A Moving Target Defense-Based Android Malware Detector Against Evasion Attacks
IEEE Transactions on Information Forensics and Security ( IF 6.3 ) Pub Date : 6-13-2024 , DOI: 10.1109/tifs.2024.3414339 Yuyang Zhou 1 , Guang Cheng 1 , Shui Yu 2 , Zongyao Chen 1 , Yujia Hu 1
IEEE Transactions on Information Forensics and Security ( IF 6.3 ) Pub Date : 6-13-2024 , DOI: 10.1109/tifs.2024.3414339 Yuyang Zhou 1 , Guang Cheng 1 , Shui Yu 2 , Zongyao Chen 1 , Yujia Hu 1
Affiliation
Machine learning (ML) has been widely adopted for Android malware detection to deal with serious threats brought by explosive malware attacks. However, it has been recently proven that ML-based detection systems exhibit inherent vulnerabilities to evasion attacks, which inject adversarial perturbations into a malicious app to hide its malicious behaviors and evade detection. To date, researchers have not found effective solutions for this critical problem. Although there are some similar works in the image classification field, most of those ideas cannot be borrowed due to the significant differences between images and Android apps. In this paper, we exploit Moving Target Defense (MTD) to continually change the attack surface of the protected detector and create uncertainty on the attacker side. We thus propose a novel Android malware detection framework named MTDroid, which fully leverages a seamless blend of dynamicity, diversity, and heterogeneity to mitigate the impact of evasion attacks. To this end, we develop a dynamic model pool to decrease the exposure time of a single classifier, by building and rebuilding multiple heterogeneous models with distinct data. We then generate diversified variant models to provide defensive measures against various attacks, and further improve robustness through ensemble learning. Specifically, we propose a two-stage selection algorithm to optimize the ensemble learning process, and design a hybrid update strategy to refresh the framework dynamically. The experimental results show that MTDroid significantly enhances the robustness against a wide range of attacks and outperforms the state-of-the-art methods upon three popular practical datasets.
中文翻译:
MTDroid:基于移动目标防御的 Android 恶意软件检测器,抵御逃避攻击
机器学习(ML)已广泛应用于 Android 恶意软件检测,以应对爆炸性恶意软件攻击带来的严重威胁。然而,最近已经证明,基于机器学习的检测系统表现出固有的逃避攻击漏洞,这些攻击会将对抗性扰动注入恶意应用程序以隐藏其恶意行为并逃避检测。迄今为止,研究人员尚未找到解决这一关键问题的有效解决方案。尽管图像分类领域有一些类似的工作,但由于图像和 Android 应用程序之间的显着差异,大多数想法无法借鉴。在本文中,我们利用移动目标防御(MTD)来不断改变受保护探测器的攻击面,并给攻击者带来不确定性。因此,我们提出了一种名为 MTDroid 的新型 Android 恶意软件检测框架,该框架充分利用动态性、多样性和异构性的无缝融合来减轻规避攻击的影响。为此,我们开发了一个动态模型池,通过使用不同的数据构建和重建多个异构模型来减少单个分类器的暴露时间。然后,我们生成多样化的变体模型,以提供针对各种攻击的防御措施,并通过集成学习进一步提高鲁棒性。具体来说,我们提出了一种两阶段选择算法来优化集成学习过程,并设计了一种混合更新策略来动态刷新框架。实验结果表明,MTDroid 显着增强了针对各种攻击的鲁棒性,并且在三个流行的实际数据集上优于最先进的方法。
更新日期:2024-08-22
中文翻译:
MTDroid:基于移动目标防御的 Android 恶意软件检测器,抵御逃避攻击
机器学习(ML)已广泛应用于 Android 恶意软件检测,以应对爆炸性恶意软件攻击带来的严重威胁。然而,最近已经证明,基于机器学习的检测系统表现出固有的逃避攻击漏洞,这些攻击会将对抗性扰动注入恶意应用程序以隐藏其恶意行为并逃避检测。迄今为止,研究人员尚未找到解决这一关键问题的有效解决方案。尽管图像分类领域有一些类似的工作,但由于图像和 Android 应用程序之间的显着差异,大多数想法无法借鉴。在本文中,我们利用移动目标防御(MTD)来不断改变受保护探测器的攻击面,并给攻击者带来不确定性。因此,我们提出了一种名为 MTDroid 的新型 Android 恶意软件检测框架,该框架充分利用动态性、多样性和异构性的无缝融合来减轻规避攻击的影响。为此,我们开发了一个动态模型池,通过使用不同的数据构建和重建多个异构模型来减少单个分类器的暴露时间。然后,我们生成多样化的变体模型,以提供针对各种攻击的防御措施,并通过集成学习进一步提高鲁棒性。具体来说,我们提出了一种两阶段选择算法来优化集成学习过程,并设计了一种混合更新策略来动态刷新框架。实验结果表明,MTDroid 显着增强了针对各种攻击的鲁棒性,并且在三个流行的实际数据集上优于最先进的方法。
京公网安备 11010802027423号