Efficient Query-Based Attack against ML-Based Android Malware Detection under Zero Knowledge Setting

TL;DR

This paper presents AdvDroidZero, a query-based attack framework that effectively compromises ML-based Android malware detection systems without prior knowledge, highlighting vulnerabilities in real-world scenarios.

Contribution

Introduces AdvDroidZero, a novel zero-knowledge query-based attack method against ML-based Android malware detection, expanding understanding of their vulnerabilities.

Findings

Effective against mainstream ML-based AMD methods

Vulnerable to real-world antivirus solutions

Operates without prior knowledge of models or data

Abstract

The widespread adoption of the Android operating system has made malicious Android applications an appealing target for attackers. Machine learning-based (ML-based) Android malware detection (AMD) methods are crucial in addressing this problem; however, their vulnerability to adversarial examples raises concerns. Current attacks against ML-based AMD methods demonstrate remarkable performance but rely on strong assumptions that may not be realistic in real-world scenarios, e.g., the knowledge requirements about feature space, model parameters, and training dataset. To address this limitation, we introduce AdvDroidZero, an efficient query-based attack framework against ML-based AMD methods that operates under the zero knowledge setting. Our extensive evaluation shows that AdvDroidZero is effective against various mainstream ML-based AMD methods, in particular, state-of-the-art such methods and real-world antivirus solutions.