Research And Implementation Of Adversarial Attacks On Personal Information Leakage Detection Model

Posted on: 2022-04-12
Degree: Master
Type: Thesis
Country: China
Candidate: X Y Huang
Full Text: PDF
GTID: 2518306338467014
Subject: Computer Science and Technology
Abstract/Summary:
With the prosperity and development of the mobile Internet, more and more mobile applications with rich and varied functions occupy an increasingly important position in people's lives. However, there is a hidden crisis in this development. One kind of malware requests various Android system permissions without the user's knowledge. This abuse of permissions puts the user's privacy in great danger. With the development of machine learning and deep learning, we can use a natural language processing method based on deep neural networks, that is, a personal information leakage detection model, to identify the permissions declared in an Android privacy policy, and then analyze the abuse of Android application permissions from the perspective of consistency with the permissions the application actually uses. However, with further study of deep neural networks, we found that this kind of neural network is very fragile. Malicious actors can attack the personal information leakage detection model by generating adversarial samples, so as to bypass the model and make it identify permissions beyond the scope stated in the Android privacy policy. As a result, the model fails to detect and prevent the abuse of permissions correctly, and the user's personal information is exposed to danger again. To show the harmfulness of this new deep-learning-based adversarial attack, this paper verifies it from two aspects: black-box attack and white-box attack.

(1) For the white-box attack, this paper attacks by replacing some important words in the original sample sentences. First, the gradient direction of the model is obtained by calculating the Jacobian matrix, which determines the word importance ranking in the sentence. Then, in the word vector space, several word vectors that are consistent in direction with and close to the word vector of each permission word in the existing permission word list are selected as the alternative word replacement scheme. Then, by enumerating the replacement combinations, the prediction probability of the original model for each replacement combination is calculated to determine which replacement combination achieves the best attack effect.

(2) For the black-box attack, this paper uses a generative adversarial network. It constructs a generator network suited to this problem based on the characteristics of the short sentences involved, constructs a discriminator model according to the information in the given permission vocabulary and the result of model discrimination, trains the network that generates the adversarial samples, and attacks the original model.

(3) Because The Android personal information leak detection engine, this paper also designs and implements an Android personal information leak detection attack engine. The attack framework is divided into a user interaction layer, text parsing layer, attack layer, data layer and infrastructure layer, and can generate attack samples for any sample. Finally, the effectiveness of the attack engine is verified by testing.
Keywords/Search Tags:Android privacy policy, Text classification, Adversarial attacks, Keyword attack, Generative adversarial nets