# On Defending Against Label Flipping Attacks on Malware Detection Systems

**Authors:** Rahim Taheri, Reza Javidan, Mohammad Shojafar, Zahra Pooranian, Ali, Miri, Mauro Conti

arXiv: 1908.04473 · 2020-06-17

## TL;DR

This paper introduces novel deep learning-based defenses against label flipping attacks in Android malware detection within IoT systems, demonstrating significant accuracy improvements over existing methods.

## Contribution

It proposes two CNN-based semi-supervised defense algorithms, LSD and CSD, specifically designed to counter Silhouette Clustering-based Label Flipping Attacks in malware detection.

## Key findings

- Defense algorithms improve accuracy up to 19% over state-of-the-art.
- Effective label correction demonstrated on three Android datasets.
- Varying features and parameters enhances detection robustness.

## Abstract

Label manipulation attacks are a subclass of data poisoning attacks in adversarial machine learning used against different applications, such as malware detection. These types of attacks represent a serious threat to detection systems in environments having high noise rate or uncertainty, such as complex networks and Internet of Thing (IoT). Recent work in the literature has suggested using the $K$-Nearest Neighboring (KNN) algorithm to defend against such attacks. However, such an approach can suffer from low to wrong detection accuracy. In this paper, we design an architecture to tackle the Android malware detection problem in IoT systems. We develop an attack mechanism based on Silhouette clustering method, modified for mobile Android platforms. We proposed two Convolutional Neural Network (CNN)-type deep learning algorithms against this \emph{Silhouette Clustering-based Label Flipping Attack (SCLFA)}. We show the effectiveness of these two defense algorithms - \emph{Label-based Semi-supervised Defense (LSD)} and \emph{clustering-based Semi-supervised Defense (CSD)} - in correcting labels being attacked. We evaluate the performance of the proposed algorithms by varying the various machine learning parameters on three Android datasets: Drebin, Contagio, and Genome and three types of features: API, intent, and permission. Our evaluation shows that using random forest feature selection and varying ratios of features can result in an improvement of up to 19\% accuracy when compared with the state-of-the-art method in the literature.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1908.04473/full.md

## Figures

42 figures with captions in the complete paper: https://tomesphere.com/paper/1908.04473/full.md

## References

38 references — full list in the complete paper: https://tomesphere.com/paper/1908.04473/full.md

---
Source: https://tomesphere.com/paper/1908.04473