Abstract
With the rapid development of the Android platform, the number of Android malware samples is growing quickly. Because traditional static and runtime Android malware analysis methods have limitations, machine learning based approaches have been widely adopted in recent years. However, evasion methods are emerging as well, e.g. data set poisoning and feature modification. Current feature modifications are mainly based on high-level features such as API calls or sensitive permissions. Our contribution is to show that it is also feasible to deceive detectors by modifying underlying (low-level) features; by confusing these features, the detector can be misled. We propose AndrOpGAN, a feature modification system that alters the opcode distribution of Android malware. To adjust the opcode distribution of a malware sample, a Deep Convolutional Generative Adversarial Network (DCGAN) is used to generate opcode distribution features, and opcodes are then inserted through an Opcode Frequency Optimal Adjustment algorithm (OFOA). The OFOA module keeps the APK running normally after insertion, at a low modification cost. Test results against four detectors show that more than 99% of APKs processed by AndrOpGAN bypassed detection successfully. Test results against VirusTotal show that the number of engines detecting a sample decreased by 20%–44%. AndrOpGAN validates the feasibility of such attacks based on underlying feature modifications and provides a prototype system that researchers can use to improve detector performance.
Copyright information
© 2020 Springer Nature Switzerland AG
Cite this paper
Zhang, X., Wang, J., Sun, M., Feng, Y. (2020). AndrOpGAN: An Opcode GAN for Android Malware Obfuscations. In: Chen, X., Yan, H., Yan, Q., Zhang, X. (eds.) Machine Learning for Cyber Security. ML4CS 2020. Lecture Notes in Computer Science, vol. 12486. Springer, Cham. https://doi.org/10.1007/978-3-030-62223-7_2
DOI: https://doi.org/10.1007/978-3-030-62223-7_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-62222-0
Online ISBN: 978-3-030-62223-7