AdvAttack: Adversarial attack against machine learning-based Android malware detection models
摘要
Android malware detection has become an essential area of cybersecurity, but the rise of adversarial attacks poses significant risks to the effectiveness of current detection systems. Existing adversarial attack methods face great limitations, especially the imprecision of perturbations generated by random combinations or opaque processes, lack of interpretability. This results in an inability to balance high query efficiency with a high success rate in bypassing detection systems. To address these issues, we propose AdvAttack, a novel black-box adversarial attack framework, which specifically targets static feature-based Android malware detection models. AdvAttack leverages a combination of sensitive function call graph (SFCG) analysis and perturbation insertion techniques to generate highly effective adversarial samples. Our framework introduces a precise perturbation set construction process based on the relationships between sensitive API calls, which ensures high success rates in evading detection while maintaining malware functionality. We evaluated AdvAttack against four advanced detection methods: APIGraph, MaMaDroid, CNN-LSTM and DC-GAN. The results show that AdvAttack can achieve an average attack success rate of over 95% with a query budget of 40. Compared to existing attack methods, AdvAttack strikes a better balance between attack success rate and query efficiency. Additionally, we demonstrate the threat posed by adversarial samples through poisoning attacks on classification models. Finally, the experimental results demonstrate that AdvAttack exhibits superior performance in attacking commercial antivirus (AV) engines.