Session 12B: Malware


Authors, Creators & Presenters: Heng Li (Huazhong University of Science and Technology), Zhiyuan Yao (Huazhong University of Science and Technology), Bang Wu (Huazhong University of Science and Technology), Cuiying Gao (Huazhong University of Science and Technology), Teng Xu (Huazhong University of Science and Technology), Wei Yuan (Huazhong University of Science and Technology), Xiapu Luo (The Hong Kong Polytechnic University)
PAPER
Automated Mass Malware Factory: The Convergence of Piggybacking and Adversarial Example in Android Malicious Software Generation
Adversarial example methods have been demonstrated to be highly effective against Android malware detection methods, enabling malware to evade detection with minimal code modifications. However, current adversarial example methods overlook the process of malware generation, thus limiting the applicability of adversarial example methods. In this paper, we examine piggybacked malware, a type of malware generated in bulk by piggybacking malicious code into popular apps, and combine it with adversarial example methods. Given a malicious code segment (i.e., a rider), we can generate adversarial perturbations tailored to it and insert them into any carrier, enabling the resulting malware to evade detection. Through exploring the mechanism by which adversarial perturbation affects piggybacked malware code, we propose an adversarial piggybacked malware generation method, which comprises three modules: Malicious Rider Extraction, Adversarial Perturbation Generation, and Benign Carrier Selection. Extensive experiments have demonstrated that our method can efficiently generate a large volume of malware in a short time, and significantly increase the likelihood of evading detection. Our method achieved an average attack success rate (ASR) of 88.3% on machine learning-based detection models (e.g., Drebin and MaMaDroid), and an ASR of 76% and 92% on commercial engines Microsoft and Kingsoft, respectively. Furthermore, we have explored potential defenses against our adversarial piggybacked malware.
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.


Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s excellent NDSS Symposium 2025 Conference content on the Organizations’ YouTube Channel.


*** This is a Security Bloggers Network syndicated blog from Infosecurity.US authored by Marc Handelman. Read the original post at: https://www.youtube-nocookie.com/embed/e4xZrPunqxI?si=3_cPrn5KuIY9ii9a


