Research On GAN-based Android Malware Adversarial Example Defense Technology

To cope with the evolving Android malware attacks,there have been many studies using machine learning for detection.Some studies have shown that the adversarial examples constructed by modifying the attack algorithms in the field of computer vision can successfully attack the Android malware detection system based on machine learning.However,as far as we know,currently there is basically no research on defense against such attacks.This thesis extends and optimizes a GAN-based adversarial examples defense framework in the domain of computer vision,and constructs a defense framework DD_GAN that can effectively defend against adversarial examples in the domain of Android malware detection.(1)In order to train a GAN with sufficient expression and generation capabilities,on the one hand,three feature selection methods were systematically evaluated and analyzed,Variance Threshold is finally selected to perform dimensionality reduction preprocessing on the data,reducing the training difficulty of GAN;on the other hand,the network structure of GAN generator and discriminator suitable for Android malware detection is redesigned.(2)Compared to Defense-GAN,DD_GAN adds post-processing to the output of the GAN generator and integrates attack detection into the defense process.(3)The effects of the three optimization algorithms on DD_GAN reconstruction samples are systematically evaluated and analyzed,and Adam is finally selected.In order to better evaluate the defense effect of DD_GAN,on the one hand,this thesis modifies and expands the C&W attack in the domain of computer vision,and proposes the Droid-C&W attack;on the other hand,the defense method SecureDroid that is not originally used for neural networks is modified and extended,and M-SecureDroid is proposed to compare the defense effect with DD_GAN.In addition,this thesis trains an Android malware detection model as an attack defense object.This thesis evaluates the effect of DD_GAN on Anonymous attack,JSMA-Z attack and Droid-C&W attack on the Drebin dataset.DD_GAN can effectively defend the above-mentioned attacks without changing the original model,basically not affecting the effect of the original model,not knowing the type of attack and applying to various models.In particular,even when an attacker modifies a large number of features,DD GAN can still find the adversarial example through attack detection.