SeqNinja : automatic payload re-construction and manipulation in sequence-based android adversarial attack
The increasing trend of using learning-based Android malware detectors has resulted in a rise in the adversarial attack against such detectors. Despite Artificial Intelligence having high capability, it lacks robustness against adversarial attacks. As such, many learning-based detectors have come ou...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Final Year Project |
| Language: | English |
| Published: |
Nanyang Technological University
2021
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/148000 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-148000 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-1480002021-04-22T04:51:37Z SeqNinja : automatic payload re-construction and manipulation in sequence-based android adversarial attack Ang, Hao Jie Liu Yang School of Computer Science and Engineering yangliu@ntu.edu.sg Engineering::Computer science and engineering::Computing methodologies The increasing trend of using learning-based Android malware detectors has resulted in a rise in the adversarial attack against such detectors. Despite Artificial Intelligence having high capability, it lacks robustness against adversarial attacks. As such, many learning-based detectors have come out with ways to defend against them. Currently, many of the adversarial attacking tools readily available only inject dead code, which can never be executed, and require to inject many benign features into a malicious APK. This can easily be noticeable by program analysis techniques to detect dead code. As such, SeqNinja aims to bring the adversarial attack to the next level by injecting a payload that allows execution without breaking the app’s original functionalities. These payloads are obtained from benign APK at Smali level and normalized into usable code snippets. The extracted Smali codes are carefully selected by filtering out ‘user-visible’ APIs or Intents. As such, payloads are able to be executed without any visible change noticeable by the user. Extracting Smali code from any benign APKs also allows many varieties of payloads as compared to other adversarial tools that use limited customized payloads stored in a database. Payloads can be injected into any location of the file based on sequence position or on the launcher class. Experiments were conducted to prove that randomly extracted payloads from any benign apps are able to execute without causing any ‘user-visible’ behaviors or crashing the app when running the app in an Android emulator. Bachelor of Engineering (Computer Engineering) 2021-04-22T04:51:37Z 2021-04-22T04:51:37Z 2021 Final Year Project (FYP) Ang, H. J. (2021). SeqNinja : automatic payload re-construction and manipulation in sequence-based android adversarial attack. Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/148000 https://hdl.handle.net/10356/148000 en SCSE20-0192 application/pdf Nanyang Technological University |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
Engineering::Computer science and engineering::Computing methodologies |
| spellingShingle |
Engineering::Computer science and engineering::Computing methodologies Ang, Hao Jie SeqNinja : automatic payload re-construction and manipulation in sequence-based android adversarial attack |
| description |
The increasing trend of using learning-based Android malware detectors has resulted in a rise in the adversarial attack against such detectors. Despite Artificial Intelligence having high capability, it lacks robustness against adversarial attacks. As such, many learning-based detectors have come out with ways to defend against them. Currently, many of the adversarial attacking tools readily available only inject dead code, which can never be executed, and require to inject many benign features into a malicious APK. This can easily be noticeable by program analysis techniques to detect dead code. As such, SeqNinja aims to bring the adversarial attack to the next level by injecting a payload that allows execution without breaking the app’s original functionalities. These payloads are obtained from benign APK at Smali level and normalized into usable code snippets. The extracted Smali codes are carefully selected by filtering out ‘user-visible’ APIs or Intents. As such, payloads are able to be executed without any visible change noticeable by the user. Extracting Smali code from any benign APKs also allows many varieties of payloads as compared to other adversarial tools that use limited customized payloads stored in a database. Payloads can be injected into any location of the file based on sequence position or on the launcher class. Experiments were conducted to prove that randomly extracted payloads from any benign apps are able to execute without causing any ‘user-visible’ behaviors or crashing the app when running the app in an Android emulator. |
| author2 |
Liu Yang |
| author_facet |
Liu Yang Ang, Hao Jie |
| format |
Final Year Project |
| author |
Ang, Hao Jie |
| author_sort |
Ang, Hao Jie |
| title |
SeqNinja : automatic payload re-construction and manipulation in sequence-based android adversarial attack |
| title_short |
SeqNinja : automatic payload re-construction and manipulation in sequence-based android adversarial attack |
| title_full |
SeqNinja : automatic payload re-construction and manipulation in sequence-based android adversarial attack |
| title_fullStr |
SeqNinja : automatic payload re-construction and manipulation in sequence-based android adversarial attack |
| title_full_unstemmed |
SeqNinja : automatic payload re-construction and manipulation in sequence-based android adversarial attack |
| title_sort |
seqninja : automatic payload re-construction and manipulation in sequence-based android adversarial attack |
| publisher |
Nanyang Technological University |
| publishDate |
2021 |
| url |
https://hdl.handle.net/10356/148000 |
| _version_ |
1698713654539583488 |