以可解釋性技術協助 Android 惡意軟體檢測模型抵抗對抗式攻擊之研究

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：99

、訪客IP：13.59.38.110

姓名

嚴育程(Yu-Cheng Yan) 查詢紙本館藏

畢業系所

資訊管理學系

論文名稱

以可解釋性技術協助 Android 惡意軟體檢測模型抵抗對抗式攻擊之研究
(Research on Using Explainability Techniques to Assist Android Malware Detection Models in Resisting Adversarial Attacks)

相關論文

★ 應用數位版權管理機制於數位影音光碟內容保護之研究	★ 以應用程式虛擬化技術達成企業軟體版權管理之研究
★ 以IAX2為基礎之網頁電話架構設計	★ 應用機器學習技術協助警察偵辦詐騙案件之研究
★ 擴充防止詐欺及保護隱私功能之帳戶式票務系統研究-以大眾運輸為例	★ 網際網路半結構化資料之蒐集與整合研究
★ 電子商務環境下網路購物幫手之研究	★ 網路安全縱深防護機制之研究
★ 國家寬頻實驗網路上資源預先保留與資源衝突之研究	★ 以樹狀關聯式架構偵測電子郵件病毒之研究
★ 考量地區差異性之隨選視訊系統影片配置研究	★ 不信任區域網路中數位證據保留之研究
★ 入侵偵測系統事件說明暨自動增加偵測規則之整合性輔助系統研發	★ 利用程序追蹤方法關聯分散式入侵偵測系統之入侵警示研究
★ 一種網頁資訊擷取程式之自動化產生技術研發	★ 應用XML/XACML於工作流程管理系統之授權管制研究

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

至系統瀏覽論文 (2026-7-31以後開放)

摘要(中)

隨著科技進步，行動裝置上眾多應用程式的普及對人類生活帶來了便利，但也成為了惡意攻擊的目標，尤其是佔有70%市場份額的Android。目前研究人員透過人工智慧，特別是利用函式呼叫圖（Function Call Graph, FCG），已經在惡意應用檢測上取得了顯著成效。但攻擊者不斷開發新的對抗手段，對抗式攻擊（Adversarial Attack）就是其中一種策略，它通過微小的修改將原始APK製作成對抗式樣本，使檢測模型判斷錯誤。根據先前的研究，原先檢測率達到90%以上的模型，受到這樣的攻擊時，對抗式樣本的檢測率為0%，這樣的攻擊方法帶非常嚴重的危害。目前已有幾種解決方法，其中對抗式訓練是一種常見的防禦方法，其可以有效的提升檢測對抗式樣本的能力，但會使檢測模型的準確率下降。
本研究將結合解釋性技術（Explainabel AI, XAI）製作對抗式樣本，利用解釋性技術提取模型判斷的特徵重要度排名，以此作為擾動位置的依據修改FCG，通過改變程式結構誤導檢測模型判斷。從模型的角度來看XAI生成的對抗式樣本是針對模型的弱點進行攻擊，利用這些對抗式樣本強化模型的檢測能力，使模型更專注於FCG中的惡意行為，以此來維持模型的準確率。
本研究所提出之方法一般模型訓練時可以達到94%的F1-Score，經過對抗式訓練後可以達到91%的F1-Score。其中對抗式訓練模型可以有效抵禦對抗式攻擊。

摘要(英)

As technology advances, the widespread use of mobile apps has made life easier but also a target for malicious attacks, notably on Android, which holds a 70% market share. AI, especially Function Call Graphs (FCG), has significantly improved malware detection. However, attackers develop new methods, such as adversarial attacks that slightly modify original APKs to fool detection models, drastically reducing their effectiveness. Current solutions include adversarial training, which while effective, decreases model accuracy.
This study employs explainable AI (XAI) to create adversarial samples and uses it to identify and manipulate key features in FCGs, thereby fooling detection models. This approach targets model vulnerabilities, enhancing detection focus on actual malicious activities and maintaining accuracy. Our method achieves an F1-Score of 94% normally and 91% post-adversarial training, effectively countering adversarial attacks.

關鍵字(中)

★ 對抗式攻擊
★ 深度學習
★ 解釋性技術
★ Android惡意軟體檢測

關鍵字(英)

★ Adversarial Attacks
★ Deep Learning
★ Explainable AI
★ Android Malware Detection

論文目次

摘要 I
ABSTRACT II
致謝 III
目錄 IV
圖目錄 VII
表目錄 IX
一、緒論 1
1.1. 研究背景 1
1.2. 動機與目的 2
1.3. 貢獻 4
1.4. 章節架構 5
二、相關研究 6
2.1. ANDROID惡意軟體分析 6
2.1.1. Android應用程式檢測 6
2.2. 圖卷積網路與圖神經網路可解釋性 8
2.3. ANDROID對抗式攻擊與防禦策略 10
2.3.1. Android對抗式攻擊 10
2.3.2. 對抗式攻擊的防禦策略 13
2.4. 相關研究小節 14
三、研究方法 15
3.1. 系統架構 15
3.2. 資料集 16
3.3. 檢測模型 16
3.3.1. 提取FCG 16
3.3.2. 取得敏感子圖 18
3.3.3. 敏感子圖的向量表示 21
3.3.4. 模型訓練與測試 22
3.4. 生成對抗式樣本 24
3.4.1. 特徵重要度排名 25
3.4.2. 取得函式原始位置 27
3.4.3. 建立對抗式樣本 27
3.5. 對抗式訓練 31
四、實驗 35
4.1. 實驗環境 35
4.1.1. 硬體設備 35
4.1.2. 軟體設置 35
4.1.3. 實驗資料集 35
4.2. 評估指標 37
4.3. 評估問題 39
4.4. 實驗設計與結果 40
4.4.1. 實驗一 40
4.4.2. 實驗二 41
4.4.3. 實驗三 45
4.4.4. 實驗四 47
4.4.5. 實驗五 49
五、結論與未來研究 52
六、參考文獻 54

參考文獻

[1] “Mobile OS market share worldwide 2009-2023,” Statista. Accessed: Mar. 13, 2024. [Online]. Available: https://www.statista.com/statistics/272698/global-market-share-held-by-mobile-operating-systems-since-2009/
[2] S. Hou, Y. Ye, Y. Song, and M. Abdulhayoglu, “HinDroid: An Intelligent Android Malware Detection System Based on Structured Heterogeneous Information Network,” in Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, in KDD ’17. New York, NY, USA: Association for Computing Machinery, Aug. 2017, pp. 1507–1515. doi: 10.1145/3097983.3098026.
[3] T. Gao, W. Peng, D. Sisodia, T. K. Saha, F. Li, and M. Al Hasan, “Android Malware Detection via Graphlet Sampling,” IEEE Trans. Mob. Comput., vol. 18, no. 12, pp. 2754–2767, Feb. 2019, doi: 10.1109/TMC.2018.2880731.
[4] Y. Wu, X. Li, D. Zou, W. Yang, X. Zhang, and H. Jin, “MalScan: Fast Market-Wide Mobile Malware Scanning by Social-Network Centrality Analysis,” in 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE), Jan. 2019, pp. 139–150. doi: 10.1109/ASE.2019.00023.
[5] X. Zhang et al., “Enhancing State-of-the-art Classifiers with API Semantics to Detect Evolved Android Malware,” in Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, in CCS ’20. New York, NY, USA: Association for Computing Machinery, Nov. 2020, pp. 757–770. doi: 10.1145/3372297.3417291.
[6] T. S. John, T. Thomas, and S. Emmanuel, “Graph Convolutional Networks for Android Malware Detection with System Call Graphs,” in 2020 Third ISEA Conference on Security and Privacy (ISEA-ISAP), Feb. 2020, pp. 162–170. doi: 10.1109/ISEA-ISAP49340.2020.235015.
[7] V. K. V and J. C. D, “Android Malware Detection using Function Call Graph with Graph Convolutional Networks,” in 2021 2nd International Conference on Secure Cyber Computing and Communications (ICSCCC), May 2021, pp. 279–287. doi: 10.1109/ICSCCC51823.2021.9478141.
[8] Y. Yang, X. Du, Z. Yang, and X. Liu, “Android Malware Detection Based on Structural Features of the Function Call Graph,” Electronics, vol. 10, no. 2, Art. no. 2, Jan. 2021, doi: 10.3390/electronics10020186.
[9] F. Deldar, M. Abadi, and M. Ebrahimifard, “Android Malware Detection Using Supervised Deep Graph Representation Learning,” in 2022 12th International Conference on Computer and Knowledge Engineering (ICCKE), Jan. 2022, pp. 348–354. doi: 10.1109/ICCKE57176.2022.9960076.
[10] H. Wu, N. Luktarhan, G. Tian, and Y. Song, “An Android Malware Detection Approach to Enhance Node Feature Differences in a Function Call Graph Based on GCNs,” Sensors, vol. 23, no. 10, Art. no. 10, Jan. 2023, doi: 10.3390/s23104729.
[11] 楊蕙瑄 and Yang H.-H., “結合函式呼叫圖語意特徵及域適應技術之Android 抗混淆惡意軟體檢測模型研究;A Research of Android Anti-Obfuscated Malware Detection Combined with Function Call Graph Semantic Feature and Domain Adaptation,” thesis, 國立中央大學, 2023. Accessed: Jun. 11, 2024. [Online]. Available: https://ir.lib.ncu.edu.tw/handle/987654321/92666
[12] X. Lu, J. Zhao, S. Zhu, and P. Lio, “SNDGCN: Robust Android malware detection based on subgraph network and denoising GCN network,” Expert Syst. Appl., vol. 250, p. 123922, Sep. 2024, doi: 10.1016/j.eswa.2024.123922.
[13] Z. Liu, R. Wang, N. Japkowicz, H. M. Gomes, B. Peng, and W. Zhang, “SeGDroid: An Android malware detection method based on sensitive function call graph learning,” Expert Syst. Appl., vol. 235, p. 121125, Jan. 2024, doi: 10.1016/j.eswa.2023.121125.
[14] H. Li et al., “Black-box adversarial example attack towards FCG based android malware detection under incomplete feature information,” in Proceedings of the 32nd USENIX Conference on Security Symposium, in SEC ’23. USA: USENIX Association, Aug. 2023, pp. 1181–1198.
[15] H. Bostani and V. Moonsamy, “EvadeDroid: A practical evasion attack on machine learning for black-box Android malware detection,” Comput. Secur., vol. 139, p. 103676, Apr. 2024, doi: 10.1016/j.cose.2023.103676.
[16] T. Bai, J. Luo, J. Zhao, B. Wen, and Q. Wang, “Recent Advances in Adversarial Training for Adversarial Robustness,” presented at the Twenty-Ninth International Joint Conference on Artificial Intelligence, Aug. 2021, pp. 4312–4321. doi: 10.24963/ijcai.2021/591.
[17] F. Pierazzi, F. Pendlebury, J. Cortellazzi, and L. Cavallaro, “Intriguing Properties of Adversarial ML Attacks in the Problem Space,” presented at the 2020 IEEE Symposium on Security and Privacy (SP), IEEE Computer Society, May 2020, pp. 1332–1349. doi: 10.1109/SP40000.2020.00073.
[18] K. Zhao et al., “Structural Attack against Graph Based Android Malware Detection,” in Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, in CCS ’21. New York, NY, USA: Association for Computing Machinery, Nov. 2021, pp. 3218–3235. doi: 10.1145/3460120.3485387.
[19] Z. Shu and G. Yan, “EAGLE: Evasion Attacks Guided by Local Explanations against Android Malware Classification,” IEEE Trans. Dependable Secure Comput., pp. 1–18, 2023, doi: 10.1109/TDSC.2023.3324265.
[20] X. Chen et al., “Android HIV: A Study of Repackaging Malware for Evading Machine-Learning Detection,” IEEE Trans. Inf. Forensics Secur., vol. 15, pp. 987–1001, Jan. 2020, doi: 10.1109/TIFS.2019.2932228.
[21] L. Onwuzurike, E. Mariconti, P. Andriotis, E. D. Cristofaro, G. Ross, and G. Stringhini, “MaMaDroid: Detecting Android Malware by Building Markov Chains of Behavioral Models (Extended Version),” ACM Trans. Priv. Secur., vol. 22, no. 2, p. 14:1-14:34, Apr. 2019, doi: 10.1145/3313391.
[22] I. Goodfellow, J. Shlens, and C. Szegedy, “Explaining and Harnessing Adversarial Examples,” CoRR, Dec. 2014, Accessed: Jun. 02, 2024. [Online]. Available: https://www.semanticscholar.org/paper/Explaining-and-Harnessing-Adversarial-Examples-Goodfellow-Shlens/bee044c8e8903fb67523c1f8c105ab4718600cdb
[23] C. Szegedy et al., “Going deeper with convolutions,” presented at the 2015 IEEE Conference on Computer Vision and Pattern Recognition (CVPR), IEEE Computer Society, Jun. 2015, pp. 1–9. doi: 10.1109/CVPR.2015.7298594.
[24] D. Arp, M. Spreitzenbarth, M. Hubner, H. Gascon, K. Rieck, and C. Siemens, “Drebin: Effective and explainable detection of android malware in your pocket.,” in Ndss, 2014, pp. 23–26.
[25] “Mobile Security Framework - MobSF Documentation,” Mobile Security Framework - MobSF Documentation. Accessed: Mar. 13, 2024. [Online]. Available: https://mobsf.github.io/docs/
[26] A. Grover and J. Leskovec, “node2vec: Scalable Feature Learning for Networks,” in Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, in KDD ’16. New York, NY, USA: Association for Computing Machinery, Aug. 2016, pp. 855–864. doi: 10.1145/2939672.2939754.
[27] T. Mikolov, K. Chen, G. Corrado, and J. Dean, “Efficient Estimation of Word Representations in Vector Space,” presented at the International Conference on Learning Representations, Jan. 2013. Accessed: Jun. 12, 2024. [Online]. Available: https://www.semanticscholar.org/paper/Efficient-Estimation-of-Word-Representations-in-Mikolov-Chen/f6b51c8753a871dc94ff32152c00c01e94f90f09
[28] H. Yuan, H. Yu, S. Gui, and S. Ji, “Explainability in Graph Neural Networks: A Taxonomic Survey,” IEEE Trans. Pattern Anal. Mach. Intell., vol. 45, no. 05, pp. 5782–5799, May 2023, doi: 10.1109/TPAMI.2022.3204236.
[29] P. E. Pope, S. Kolouri, M. Rostami, C. E. Martin, and H. Hoffmann, “Explainability Methods for Graph Convolutional Neural Networks,” in 2019 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), Jun. 2019, pp. 10764–10773. doi: 10.1109/CVPR.2019.01103.
[30] “GNNExplainer | Proceedings of the 33rd International Conference on Neural Information Processing Systems,” Guide Proceedings. Accessed: Jun. 02, 2024. [Online]. Available: https://dl.acm.org/doi/10.5555/3454287.3455116
[31] D. Luo et al., “Parameterized explainer for graph neural network,” in Proceedings of the 34th International Conference on Neural Information Processing Systems, in NIPS ’20. Red Hook, NY, USA: Curran Associates Inc., Dec. 2020, pp. 19620–19631.
[32] H. Yuan, H. Yu, J. Wang, K. Li, and S. Ji, “On Explainability of Graph Neural Networks via Subgraph Explorations,” presented at the International Conference on Machine Learning, Feb. 2021. Accessed: Jun. 12, 2024. [Online]. Available: https://www.semanticscholar.org/paper/On-Explainability-of-Graph-Neural-Networks-via-Yuan-Yu/123139463809b5acf98b95d4c8e958be334a32b5
[33] F. Baldassarre and H. Azizpour, “Explainability Techniques for Graph Convolutional Networks,” ArXiv, May 2019, Accessed: Jun. 12, 2024. [Online]. Available: https://www.semanticscholar.org/paper/Explainability-Techniques-for-Graph-Convolutional-Baldassarre-Azizpour/8fb202cdcfec3b0e7ba0e3f88949d6d923b48b2d
[34] T. Schnake et al., “Higher-Order Explanations of Graph Neural Networks via Relevant Walks,” IEEE Trans. Pattern Anal. Mach. Intell., vol. 44, no. 11, pp. 7581–7596, Jan. 2022, doi: 10.1109/TPAMI.2021.3115452.
[35] Q. Huang, M. Yamada, Y. Tian, D. Singh, and Y. Chang, “GraphLIME: Local Interpretable Model Explanations for Graph Neural Networks,” IEEE Trans. Knowl. Data Eng., vol. 35, no. 7, pp. 6968–6972, Jul. 2023, doi: 10.1109/TKDE.2022.3187455.
[36] H. Yuan, J. Tang, X. Hu, and S. Ji, “XGNN: Towards Model-Level Explanations of Graph Neural Networks,” Proc. 26th ACM SIGKDD Int. Conf. Knowl. Discov. Data Min., pp. 430–438, Aug. 2020, doi: 10.1145/3394486.3403085.
[37] N. Akhtar, A. Mian, N. Kardan, and M. Shah, “Advances in Adversarial Attacks and Defenses in Computer Vision: A Survey,” IEEE Access, vol. 9, pp. 155161–155196, 2021, doi: 10.1109/ACCESS.2021.3127960.
[38] P. Bountakas, A. Zarras, A. Lekidis, and C. Xenakis, “Defense strategies for Adversarial Machine Learning: A survey,” Comput. Sci. Rev., vol. 49, p. 100573, Aug. 2023, doi: 10.1016/j.cosrev.2023.100573.
[39] “Welcome to Androguard’s documentation! — Androguard 3.4.0 documentation.” Accessed: Mar. 13, 2024. [Online]. Available: https://androguard.readthedocs.io/en/latest/
[40] M. Backes, S. Bugiel, E. Derr, P. McDaniel, D. Octeau, and S. Weisgerber, “On Demystifying the Android Application Framework: {Re-Visiting} Android Permission Specification Analysis,” presented at the 25th USENIX Security Symposium (USENIX Security 16), 2016, pp. 1101–1118. Accessed: Mar. 13, 2024. [Online]. Available: https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/backes_android
[41] C. Zhao, W. Zheng, L. Gong, M. Zhang, and C. Wang, “Quick and Accurate Android Malware Detection Based on Sensitive APIs,” in 2018 IEEE International Conference on Smart Internet of Things (SmartIoT), Aug. 2018, pp. 143–148. doi: 10.1109/SmartIoT.2018.00034.
[42] P. J. M. van Laarhoven and E. H. L. Aarts, “Simulated annealing,” in Simulated Annealing: Theory and Applications, P. J. M. van Laarhoven and E. H. L. Aarts, Eds., Dordrecht: Springer Netherlands, 1987, pp. 7–15. doi: 10.1007/978-94-015-7744-1_2.
[43] D. B. Skalak, “Prototype and Feature Selection by Sampling and Random Mutation Hill Climbing Algorithms,” in Machine Learning Proceedings 1994, W. W. Cohen and H. Hirsh, Eds., San Francisco (CA): Morgan Kaufmann, 1994, pp. 293–301. doi: 10.1016/B978-1-55860-335-6.50043-X.
[44] “Welcome to Deep Graph Library Tutorials and Documentation — DGL 2.1.0 documentation.” Accessed: Mar. 13, 2024. [Online]. Available: https://docs.dgl.ai/index.html

指導教授

陳奕明(Yi-Ming Chen)

審核日期

2024-7-30

推文