SeqAdver: Automatic payload construction and injection in sequence-based Android adversarial attack
Machine learning has achieved a great success in the field of Android malware detection. In order to avoid being caught by these ML-based Android malware detection, malware authors are inclined to initiate adversarial sample attacks by tampering with mobile applications. Although machine learning ha...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2023
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/8707 https://ink.library.smu.edu.sg/context/sis_research/article/9710/viewcontent/SeqAdver_av.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-9710 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-97102024-04-04T09:08:10Z SeqAdver: Automatic payload construction and injection in sequence-based Android adversarial attack ZHANG, Fei FENG, Ruitao XIE, Xiaofei LI, Xiaohong SHI, Lianshuan Machine learning has achieved a great success in the field of Android malware detection. In order to avoid being caught by these ML-based Android malware detection, malware authors are inclined to initiate adversarial sample attacks by tampering with mobile applications. Although machine learning has high capability, it lacks robustness against adversarial attacks. Currently, many of the adversarial attacking tools not only inject dead code into target applications, which can never be executed, but also require the injection of many benign features into a malicious APK. This can be easily noticeable by program analysis techniques. In this paper, we propose SeqAdver, an automatic payload construction and injection tool, which aims to bring the adversarial attack to the next level by injecting a payload that allows execution without breaking the app's original functionalities. These payloads are obtained from benign APKs at the Smali level and normalized into usable code snippets. The extracted Smali codes are carefully selected by filtering out 'user-visible' APIs and Intents. Therefore, payloads are able to be executed without any visible change noticed by the user. Besides, extracted payloads can be injected into different locations of the file based on sequence position or on the launcher class. Experiments were conducted to prove that randomly extracted payloads from benign apps are able to execute without causing any 'user-visible' behaviors or crashing the app when running the app in Android emulators. 2023-01-01T08:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/8707 info:doi/10.1109/ICDMW60847.2023.00172 https://ink.library.smu.edu.sg/context/sis_research/article/9710/viewcontent/SeqAdver_av.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Adversarial attack Android malware Payload injection Information Security |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Adversarial attack Android malware Payload injection Information Security |
| spellingShingle |
Adversarial attack Android malware Payload injection Information Security ZHANG, Fei FENG, Ruitao XIE, Xiaofei LI, Xiaohong SHI, Lianshuan SeqAdver: Automatic payload construction and injection in sequence-based Android adversarial attack |
| description |
Machine learning has achieved a great success in the field of Android malware detection. In order to avoid being caught by these ML-based Android malware detection, malware authors are inclined to initiate adversarial sample attacks by tampering with mobile applications. Although machine learning has high capability, it lacks robustness against adversarial attacks. Currently, many of the adversarial attacking tools not only inject dead code into target applications, which can never be executed, but also require the injection of many benign features into a malicious APK. This can be easily noticeable by program analysis techniques. In this paper, we propose SeqAdver, an automatic payload construction and injection tool, which aims to bring the adversarial attack to the next level by injecting a payload that allows execution without breaking the app's original functionalities. These payloads are obtained from benign APKs at the Smali level and normalized into usable code snippets. The extracted Smali codes are carefully selected by filtering out 'user-visible' APIs and Intents. Therefore, payloads are able to be executed without any visible change noticed by the user. Besides, extracted payloads can be injected into different locations of the file based on sequence position or on the launcher class. Experiments were conducted to prove that randomly extracted payloads from benign apps are able to execute without causing any 'user-visible' behaviors or crashing the app when running the app in Android emulators. |
| format |
text |
| author |
ZHANG, Fei FENG, Ruitao XIE, Xiaofei LI, Xiaohong SHI, Lianshuan |
| author_facet |
ZHANG, Fei FENG, Ruitao XIE, Xiaofei LI, Xiaohong SHI, Lianshuan |
| author_sort |
ZHANG, Fei |
| title |
SeqAdver: Automatic payload construction and injection in sequence-based Android adversarial attack |
| title_short |
SeqAdver: Automatic payload construction and injection in sequence-based Android adversarial attack |
| title_full |
SeqAdver: Automatic payload construction and injection in sequence-based Android adversarial attack |
| title_fullStr |
SeqAdver: Automatic payload construction and injection in sequence-based Android adversarial attack |
| title_full_unstemmed |
SeqAdver: Automatic payload construction and injection in sequence-based Android adversarial attack |
| title_sort |
seqadver: automatic payload construction and injection in sequence-based android adversarial attack |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2023 |
| url |
https://ink.library.smu.edu.sg/sis_research/8707 https://ink.library.smu.edu.sg/context/sis_research/article/9710/viewcontent/SeqAdver_av.pdf |
| _version_ |
1814047472198090752 |