AndrOpGAN: An Opcode GAN for Android Malware Obfuscations

  • Conference paper
  • Published in: Machine Learning for Cyber Security (ML4CS 2020)
  • Part of the book series: Lecture Notes in Computer Science (LNCS, volume 12486)

Abstract

With the rapid development of the Android platform, the amount of Android malware is growing rapidly. Because of the limitations of traditional static and runtime Android malware analysis methods, machine-learning-based approaches have recently been widely adopted. Evasion methods are emerging as well, e.g. data set pollution and feature modification. Current feature modifications are mainly based on high-level features such as API calls or sensitive permissions. Our contribution is to show that it is also feasible to deceive detectors by modifying underlying features. Through this confusion, detectors can be deceived. We propose AndrOpGAN, a system that modifies the opcode distribution features of Android malware. To adjust the opcode distribution of malware, a Deep Convolutional Generative Adversarial Network (DCGAN) generates opcode distribution features, and opcodes are inserted by an Opcode Frequency Optimal Adjustment (OFOA) algorithm. The OFOA module keeps the APK running normally after insertion at a low modification cost. Test results against four detectors show that more than 99% of the APKs processed by AndrOpGAN bypassed detection. Test results against VirusTotal show that the number of engines that successfully detected the samples decreased by 20%–44%. AndrOpGAN validates the feasibility of such attacks based on underlying feature modifications and provides a prototype system for researchers to improve detector performance.

Notes

  1. https://github.com/tianwaifeidie/AndrOpGAN

Author information

Corresponding author

Correspondence to Jinshuang Wang.

Copyright information

© 2020 Springer Nature Switzerland AG

Cite this paper

Zhang, X., Wang, J., Sun, M., Feng, Y. (2020). AndrOpGAN: An Opcode GAN for Android Malware Obfuscations. In: Chen, X., Yan, H., Yan, Q., Zhang, X. (eds) Machine Learning for Cyber Security. ML4CS 2020. Lecture Notes in Computer Science, vol 12486. Springer, Cham. https://doi.org/10.1007/978-3-030-62223-7_2

  • DOI: https://doi.org/10.1007/978-3-030-62223-7_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-62222-0

  • Online ISBN: 978-3-030-62223-7

  • eBook Packages: Computer Science (R0)
