On defending against label flipping attacks on malware detection systems
Neural Computing and Applications (IF 6), Pub Date: 2020-03-17, DOI: 10.1007/s00521-020-04831-9
Rahim Taheri, Reza Javidan, Mohammad Shojafar, Zahra Pooranian, Ali Miri, Mauro Conti

Abstract

Label manipulation attacks are a subclass of data poisoning attacks in adversarial machine learning used against different applications, such as malware detection. These types of attacks represent a serious threat to detection systems in environments having high noise rate or uncertainty, such as complex networks and Internet of Things (IoT). Recent work in the literature has suggested using the K-nearest neighboring algorithm to defend against such attacks. However, such an approach can suffer from low to misclassification rate accuracy. In this paper, we design an architecture to tackle the Android malware detection problem in IoT systems. We develop an attack mechanism based on silhouette clustering method, modified for mobile Android platforms. We propose two convolutional neural network-type deep learning algorithms against this Silhouette Clustering-based Label Flipping Attack. We show the effectiveness of these two defense algorithms—label-based semi-supervised defense and clustering-based semi-supervised defense—in correcting labels being attacked. We evaluate the performance of the proposed algorithms by varying the various machine learning parameters on three Android datasets: Drebin, Contagio, and Genome and three types of features: API, intent, and permission. Our evaluation shows that using random forest feature selection and varying ratios of features can result in an improvement of up to 19% accuracy when compared with the state-of-the-art method in the literature.




Updated: 2020-03-26