GMADV: An android malware variant generation and classification adversarial training framework

被引:6
作者
Li, Shuangcheng [1 ]
Tang, Zhangguo [1 ,2 ]
Li, Huanzhou [1 ]
Zhang, Jian [1 ]
Wang, Han [1 ]
Wang, Junfeng [2 ]
机构
[1] Sichuan Normal Univ, Sch Phys & Elect Engn, Chengdu 610101, Peoples R China
[2] Sichuan Univ, Sch Cyber Sci & Engn, Chengdu 610207, Peoples R China
基金
中国国家自然科学基金;
关键词
Android malware; RGB Markov image; GMM-GAN; Variant amplification;
D O I
10.1016/j.jisa.2024.103800
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
Android malware uses anti-reverse analysis and APK shelling technology, which leads to the failure of the classification method based on decompiled features and the reduction of the classification accuracy based on single file features. Moreover, the lack of samples in some families of Android malware makes the classification model based on sample learning ineffective. To solve the above problems, this paper proposes a two-layer general framework for Android malware classification and adversarial training named GMADV, which enhances classifier performance through adversarial training. In the sample classification layer, based on the transformation method of the Markov model, it is proposed for the first time to convert the three files in the APK into RGB Markov images, and use VGG13 to automatically extract features and classification; In the variant amplification layer, the idea of "regression for generation" is firstly proposed, and GMM-GAN based on Gaussian process is designed to amplify the diversity of samples within the family. The experimental results show that RGB Markov images have better classification performance than grayscale images. On the three datasets, the classification effect after amplification has been improved to varying degrees, and all F1_Score reaches 95 %. Compared with other methods, GMADV has stronger family sample amplification ability and greater adversarial intensity.
引用
收藏
页数:14
相关论文
共 31 条
[1]  
[Anonymous], 2015, arXiv
[2]  
[Anonymous], 2014, Workshop on Artificial Intelligent and Security, DOI DOI 10.1145/2666652.2666666
[3]   Drebin: Effective and Explainable Detection of Android Malware in Your Pocket [J].
Arp, Daniel ;
Spreitzenbarth, Michael ;
Huebner, Malte ;
Gascon, Hugo ;
Rieck, Konrad .
21ST ANNUAL NETWORK AND DISTRIBUTED SYSTEM SECURITY SYMPOSIUM (NDSS 2014), 2014,
[4]   FAMD: A Fast Multifeature Android Malware Detection Framework, Design, and Implementation [J].
Bai, Hongpeng ;
Xie, Nannan ;
Di, Xiaoqiang ;
Ye, Qing .
IEEE ACCESS, 2020, 8 :194729-194740
[5]   DeepVisDroid: android malware detection by hybridizing image-based features with deep learning techniques [J].
Bakour, Khaled ;
Unver, Halil Murat .
NEURAL COMPUTING & APPLICATIONS, 2021, 33 (18) :11499-11516
[6]   JOWMDroid: Android malware detection based on feature weighting with joint optimization of weight-mapping and classifier parameters [J].
Cai, Lingru ;
Li, Yao ;
Xiong, Zhi .
COMPUTERS & SECURITY, 2021, 100
[7]   Picking on the family: Disrupting android malware triage by forcing misclassification [J].
Calleja, Alejandro ;
Martin, Alejandro ;
Menendez, Hector D. ;
Tapiador, Juan ;
Clark, David .
EXPERT SYSTEMS WITH APPLICATIONS, 2018, 95 :113-126
[8]   Using Generative Adversarial Networks for Data Augmentation in Android Malware Detection [J].
Chen, Yi-Ming ;
Yang, Chun-Hsien ;
Chen, Guo-Chung .
2021 IEEE CONFERENCE ON DEPENDABLE AND SECURE COMPUTING (DSC), 2021,
[9]   Adversarial Examples for Malware Detection [J].
Grosse, Kathrin ;
Papernot, Nicolas ;
Manoharan, Praveen ;
Backes, Michael ;
McDaniel, Patrick .
COMPUTER SECURITY - ESORICS 2017, PT II, 2017, 10493 :62-79
[10]  
Hasegawa C, 2018, 2018 IEEE 14TH INTERNATIONAL COLLOQUIUM ON SIGNAL PROCESSING & ITS APPLICATIONS (CSPA 2018), P99, DOI 10.1109/CSPA.2018.8368693