Research On Robustness Of Malware Detection System Based On Adversarial Examples

With the rapid development of Internet technology,smart devices have become an indispensable part of people's daily life.Most of the smart devices currently on the market are loaded with the Android operating system or the operating system based on it,which is due to the operation system is open source,easy to port and has other features that other operating systems do not have.However,these features also bring high risks to the safe use of smart devices,and the malware problems have caused people a lot of trouble.Most of the current malware detection systems use the neural network architecture,and the neural network models have been proven to be vulnerable to adversarial examples attack.The adversarial examples refer to examples with a small disturbance added to misclassify the model.So the malware detection systems may be attacked and cause a series of problems.Therefore,it is of practical significance to study the robustness of malware detection systems.This thesis starts from the research of adversarial examples in the field of computer vision,and explores the application of adversarial examples attack and defense technology in the field of malware detection.This thesis mainly includes the robust analysis of the malware detection system against adversarial examples and the method of enhancing the robustness of the malware detection system.In this thesis,the forward feedback neural network model is used to simulate the real detection system.Firstly,the impact of the adversarial examples on the robustness of the malware detection system is explored.The methods of attacking malware detection system are designed by using the adversarial examples attack methods commonly used in computer vision fields such as FGSM,IFGSM and JSMA.And the robustness of the detection system is evaluated and analyzed.The experimental evaluation on the DREBIN dataset shows that the designed FGSM*,IFGSM* and JSMA* attack methods can reduce the accuracy of the detection system,and the JSMA* method has the most obvious attack effect.Secondly,this thesis studies how to enhance the robustness of malware detection systems.Aiming at the research field of this thesis,we design a variety of defense methods against adversarial examples attacks and verify the effectiveness of the defense methods through experiments.Experiments show that the feature dimension reduction method will lead to the performance degradation of the model,the distillation network method,the continuous training method,and the ensemble training method can enhance the robustness of the system,and the distillation network method has the most obvious defense effect.This thesis studies the application of adversarial examples in the field of malware detection,and provides a reference for adversarial examples in other applied research fields.