Title
Malware Collusion Attack Against Machine Learning Based Methods: Issues And Countermeasures
Abstract
Android has become the most popular platform for mobile devices, and it has also become a popular target for malware developers. At the same time, researchers have proposed a large number of methods, covering both static and dynamic analysis, to fight malware. Among these, machine learning based methods are quite effective in Android malware detection, with accuracy of up to 98%. Thus, malware developers have an incentive to develop more advanced malware to evade detection. This paper presents an adversary attack pattern that compromises current machine learning based malware detection methods. Malware developers can perform this attack easily by splitting a malicious payload into two or more apps. The split apps will all be classified as benign by current methods. We therefore propose a method to deal with this issue. This approach, realized in a tool called ColluDroid, can identify the collusion apps by analyzing the communication between apps. The evaluation results show that ColluDroid is effective in finding the collusion apps. We also show that it is easy to split an app to evade detection. According to our split simulation, the evasion rate is 78% when the payload is split into two apps, and 94.8% when it is split into three apps.
Year
2018
DOI
10.1007/978-3-030-00018-9_41
Venue
CLOUD COMPUTING AND SECURITY, PT V
Keywords
Android security, Machine learning, Collusion attack
Field
Countermeasure, Android (operating system), Computer science, Android malware, Mobile device, Artificial intelligence, Adversary, Malware, Machine learning, Collusion, Payload
DocType
Conference
Volume
11067
ISSN
0302-9743
Citations
0
PageRank
0.34
References
7
Authors
5
Name
Order
Citations
PageRank
Hongyi Chen19510.61
Su, Jinshu275096.41
Lin-Bo Qiao32310.80
Yi Zhang4121.77
Qin Xin511.37