MaMaDroid2.0 -- The Holes of Control Flow Graphs

Harel Berger, Chen Hajaj, Enrico Mariconti, Amit Dvir

نتاج البحث: ورقة عمل / طبعة اوليةنسخة اولية

ملخص

Android malware is a continuously expanding threat to billions of mobile users around the globe. Detection systems are updated constantly to address these threats. However, a backlash takes the form of evasion attacks, in which an adversary changes malicious samples such that those samples will be misclassified as benign. This paper fully inspects a well-known Android malware detection system, MaMaDroid, which analyzes the control flow graph of the application. Changes to the portion of benign samples in the train set and models are considered to see their effect on the classifier. The changes in the ratio between benign and malicious samples have a clear effect on each one of the models, resulting in a decrease of more than 40% in their detection rate. Moreover, adopted ML models are implemented as well, including 5-NN, Decision Tree, and Adaboost. Exploration of the six models reveals a typical behavior in different cases, of tree-based models and distance-based models. Moreover, three novel attacks that manipulate the CFG and their detection rates are described for each one of the targeted models. The attacks decrease the detection rate of most of the models to 0%, with regards to different ratios of benign to malicious apps. As a result, a new version of MaMaDroid is engineered. This model fuses the CFG of the app and static analysis of features of the app. This improved model is proved to be robust against evasion attacks targeting both CFG-based models and static analysis models, achieving a detection rate of more than 90% against each one of the attacks.
اللغة الأصليةالإنجليزيّة
حالة النشرنُشِر - 28 فبراير 2022

بصمة

أدرس بدقة موضوعات البحث “MaMaDroid2.0 -- The Holes of Control Flow Graphs'. فهما يشكلان معًا بصمة فريدة.

قم بذكر هذا