Android malware detection methods based on the function call graph (FCG) have recently attracted increasing attention because of their promising performance. However, these methods are susceptible to adversarial examples (AEs). In this paper, we design a novel black-box AE attack against FCG based malware detection systems, called BagAmmo. To mislead its target system, BagAmmo purposefully perturbs the FCG feature of malware by inserting "never-executed" function calls into the malware code. The main challenges are two-fold. First, the adversarial perturbation must not change the malware's functionality. Second, information about the target system (e.g., the graph feature granularity and the output probabilities) is unavailable. To preserve malware functionality, BagAmmo uses a try-catch trap to insert the function calls that perturb the malware's FCG. Without knowledge of the feature granularity and output probabilities, BagAmmo adopts the architecture of a generative adversarial network (GAN) and leverages a multi-population co-evolution algorithm (i.e., Apoem) to generate the desired perturbation. Every population in Apoem represents a possible feature granularity, and the real feature granularity is recovered when Apoem converges. Through extensive experiments on over 44k Android apps and 32 target models, we evaluate the effectiveness, efficiency and resilience of BagAmmo. BagAmmo achieves an average attack success rate of over 99.9% on MaMaDroid, APIGraph and GCN, and still performs well under concept drift and data imbalance. Moreover, BagAmmo outperforms the state-of-the-art attack SRL in attack success rate.
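To make the brittleness the abstract describes concrete for a detection engineer, here is an added toy example (not the paper's code): it builds package-level Markov-chain transition features of the kind MaMaDroid uses (my assumption about its feature scheme) from a small constructed FCG, then measures how far the feature vector moves when a few never-executed call edges are added without removing any original edge. The app package names and call edges are constructed for illustration.

```python
from collections import defaultdict

# Abstraction states, in a fixed order so feature vectors are comparable.
STATES = ("self", "java.lang", "android.os", "android.telephony")

def abstract(fn):
    """Map a fully qualified method to a coarse package state ("self" = app code)."""
    parts = fn.split(".")
    pkg = ".".join(parts[:2])
    return pkg if pkg in STATES else "self"

def markov_features(edges):
    """Row-normalised transition probabilities between abstracted states."""
    counts = defaultdict(lambda: defaultdict(int))
    for src, dst in edges:
        counts[abstract(src)][abstract(dst)] += 1
    feats = {}
    for s in STATES:
        total = sum(counts[s].values())
        for t in STATES:
            feats[(s, t)] = counts[s][t] / total if total else 0.0
    return feats

def l1_shift(a, b):
    """L1 distance between two feature dicts over the same keys."""
    return sum(abs(a[k] - b[k]) for k in a)

# Constructed FCG of a toy SMS-stealing sample (app code -> framework APIs).
ORIGINAL_EDGES = [
    ("com.app.Main.onCreate", "com.app.Main.run"),
    ("com.app.Main.run", "android.telephony.SmsManager.sendTextMessage"),
    ("com.app.Main.run", "java.lang.String.length"),
    ("com.app.Main.run", "android.telephony.TelephonyManager.getDeviceId"),
]

# Constructed never-executed calls: edges only, the callee is never reached at runtime.
INSERTED_EDGES = [
    ("com.app.Main.run", "android.os.Bundle.getString"),
    ("com.app.Main.run", "android.os.Handler.post"),
    ("com.app.Main.run", "android.os.Looper.getMainLooper"),
    ("com.app.Main.run", "android.os.SystemClock.uptimeMillis"),
]

def perturbation_effect():
    """Return (original features, perturbed features, L1 shift); originals are kept."""
    orig = markov_features(ORIGINAL_EDGES)
    pert = markov_features(ORIGINAL_EDGES + INSERTED_EDGES)
    return orig, pert, l1_shift(orig, pert)
```

Four dead edges halve the weight of the telephony transition the detector relies on; a robustness check for such a detector would compare features against a dynamically observed call trace rather than the static graph alone.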