Research On Adversarial Technology For Malware Classification Model

With the development and popularization of Mobile Internet technology,more and more intelligent mobile terminal devices are used in people's work,study and daily life.Among all kinds of intelligent operating systems,the Android system occupies the largest market share due to its open source features.Android platform also has a convenient environment for the generation,propagation and mutation of malware,thus Android has become the main target of hacker attacks.Malware widely exists in various types of intelligent terminals and network equip-ment,causing hundreds of millions of losses every year.As the scale of malware has skyrocketed,machine learning techniques have also been widely used in the field of malware analysis.Machine learning shows good results and has gradually become a mainstream method of malware analysis.However,studies have found that machine learning models are extremely vulnerable to adversarial example attacks,which means machine learning-based malware analysis methods also being vulnerable to adversar-ial example attacks.Studying the adversarial example attack algorithm can not only promote the development of related defense algorithms,but also can promote the gen-eration of more effective and robust malware analysis methods.Different machine learning models use different algorithms and different charac-teristics of malware as the basis of classification,so the attack methods against them will also be different.We must also consider the feasibility of the attack in reality,and whether the generated malware adversarial examples can maintain the original function,while some of the existing attack methods did not consider it.This paper focused on the Android malware classification model based on gray-scale images,explored how to modify the Android executable file without affecting the original function,making it an adversarial example and interfering the corresponding malware analysis model.The main contributions are as follows:1.Aiming at the Android malware classification model based on gray-scale images,a method for generating executable adversarial examples based on gray-scale im-ages was proposed,which contains two attack modes:non-targeted attack and targeted attack.Starting with gray-scale images,the One Pixel Attack algorithm was modified to generate image adversarial examples,and then the generated image adversarial examples will be converted into executable program adversar-ial examples.Some existing adversarial example generation methods can not produce a real program file,while the executable adversarial examples can be installed,executed,and propagated in the form of programs,and can keep their original software functions unchanged.We designed experiment to realize the generation of executable adversarial examples.Experimental results showed that the executable adversarial examples based on gray-scale images can decrease the accuracy of the malware classification model from 96.6%to 7%.The application interface is basically the same as the original program,and manual detection is impossible to notice.At last,effectiveness of the executable adversarial exam-ples was analyzed,and several possible defense schemes were proposed to build a more robust malware families classification method.2.Aiming at the Android malware classification model based on gray-scale images,a method for generating executable adversarial examples based on code injection was proposed.We disassembled the Android executable file to obtain the Smali files,inserted redundant code in,which can change the code structure of the exe-cutable file.We also proposed two attack modes:non-targeted attack and targeted attack,which can generate executable adversarial examples that can maintain the original functions.The executable adversarial examples generated based on code injection can make 100%misclassification to the machine learning model.The generated adversarial examples can also run normally on Android devices,and the application interface is the same as the original program.At last,we analyzed the effectiveness of the executable adversarial example,and proposed several possible defense methods.