HELENOS - Resisting to Massive proliferation of new Android malware threats

Publié le
Equipe
Date de début de thèse (si connue)
dès que possible
Lieu
Rennes INRIA
Unité de recherche
IRISA - UMR 6074
Description du sujet de la thèse

Context.

Android is now the most used operating system with 86% market shares. Thanks to an active developer community, the application ecosystem gets bigger everyday. For example, Google Play Store holds
3.3 million applications with a rate of more than 50 000 submissions a month. Estimations indicate that more than 75 billions applications were downloaded on the platform in 2016. Consequently, due to its widespread popularity, the Android platform has become a lucrative target for hackers. Hence Android constitutes one of the first choice platform to propagate malware threats. Infection rate on Android devices is constantly increasing spawned out by a dramatic proliferation of malware. Nowadays there are no satisfactory solutions to stop the proliferation of malware over Android devices.It constitutes a severe threat to any businesses. It may interrupts and disables applications, retrieved and spoofed personal information and identity, access sensitive information, control all applications executing on users’ device, and even overcharge users for functionality that’s widely available.

 

Objective. Evaluating the true robustness of anti-malware scanners through the design of bench-marks and key indicators with the use of innovative measurements techniques based on generativea dversarial networks. To automate the robustness evaluation of anti-malware scanners against thesteady increase of malware variants, we propose to generate Android adversarial examples (AAEs) dedicated to Android based on generative adversarial networks (GANs) techniques. The robustness is evaluated in terms of performance degradation of scanners. One underlying purpose is to demonstrate the strong inability of existing scanners to detect sophisticated malware that have mutated. So far, few attempts have been done to generate AAEs for Android. Most of them (16; 6; 7) are only altering basic features without altering the malware bytecode reducing so drastically both its applicability and its interest. Crafting AE has been mostly successful in continuous domains, such as images, where with small perturbations it is possible to change its classification while being invisible from the human eyes. However, in constrained discrete domains where the classification relies on domain specific features vectors, perturbations on feature vectors may lead to corrupted malicious payload, and hence to dysfunctional malwares [1]. The purpose of this thesis is to be able to generate Android Adversarial Examples (AAEs) to evaluate the robustness against adversarial attacks of the state of the art malware scanners from both the academia and industry. This thesis is at the intersection among machine learning, artificial intelligence, system and mobile programming, Android, and static analysis.

Bibliographie

[1] F. Pierazzi, F. Pendlebury, J. Cortellazzi, and L. Cavallaro, “Intriguing properties of adversarialML attacks in the problem space,” in 2020 IEEE Symposium on Security and Privacy, SP 2020, SanFrancisco, CA, USA, May 18-21, 2020. IEEE, 2020, pp. 1332–1349.

[16] W. Yang, D. Kong, T. Xie, and C. A. Gunter, “Malware detection in adversarial settings : Ex-ploiting feature evolutions and confusions in android apps,” in Proceedings of the 33rd Annual Com-puter Security Applications Conference, Orlando, FL, USA, December 4-8, 2017 , 2017, pp. 288–302.

[6] L. Chen, S. Hou, and Y. Ye, “Securedroid : Enhancing security of machine learning-baseddetec- tion against adversarial android malware attacks,” in Proceedings of the 33rd Annual Compu-ter Security Applications Conference, Orlando, FL, USA, December 4-8, 2017 , 2017, pp. 362–372.

[7] S. Chen, M. Xue, L. Fan, S. Hao, L. Xu, H. Zhu, and B. Li, “Automated poisoning attacksand defenses in malware detection systems : An adversarial machine learning approach,” ComputersSecurity, vol. 73, pp. 326–344, 2018

Liste des encadrants et encadrantes de thèse

Nom, Prénom
BROMBERG David
Type d'encadrement
Directeur.trice de thèse
Unité de recherche
IRISA
Contact·s
Mots-clés
ndroid, security, malware, machine learning, adversarial examples, systemprogramming, code analysis