基于特征恶意度排序的恶意软件对抗防御模型

Malicious Software Adversarial Defense Model Based on Feature Severity Ranking

深度学习模型应用于安卓恶意软件检测可以使检测的准确率不断提升,但对抗样本可以轻易规避深度学习模型的检测,导致深度学习模型的检测能力受到质疑。对于安卓恶意软件的对抗攻击,现阶段多采用对抗训练方法进行防御,文章针对对抗训练在面对多类型对抗样本时表现较差的问题,提出特征恶意度的概念。特征恶意度通过计算特征的恶意程度对特征进行排序,利用排序后的特征构建一个具有对抗防御能力的恶意软件对抗防御模型FMP(Feature Maliciousness Processing),该模型可以提取待检测软件的高恶意度特征进行检测,避免出现对抗扰动导致的模型错误分类问题。在开源数据集DefenceDroid上,相比于对抗训练方法和其他特征选择方法,FMP模型所采用的特征选择方法有效提高了对各类对抗样本的检测率,在多种对抗样本的攻击下具有较好的鲁棒性。

The application of deep learning models in the detection of Android malware can continuously improved the accuracy of detection.However,with the proposal of adversarial examples,these examples can easily evade detection by deep learning models,leading to questions about the detection capabilities of deep learning models.To counteract adversarial attacks on Android malicious software,current approaches often employ adversarial training for defense.This paper addressed the limitation of adversarial training in dealing with various types of adversarial examples and proposed the concept of feature maliciousness.Feature maliciousness involved ranking features based on their malicious nature,and this ranked feature set was utilized to construct a malicious software adversarial defense model with adversarial defense capabilities,termed the feature maliciousness processing(FMP)detector.This model extracted high-maliciousness features from the software under consideration,mitigating the problem of model misclassification caused by adversarial perturbations.On the open-source dataset DefenceDroid,the feature selection method employed by the FMP detector significantly enhances the detection rates for various types of adversarial examples compared to adversarial training and other feature selection methods.Under multiple adversarial example attacks,the FMP detector demonstrats the highest level of robust performance.