IEEE Access (Jan 2024)
CycleGAN-Gradient Penalty for Enhancing Android Adversarial Malware Detection in Gray Box Setting
Abstract
Adversarial attacks pose significant threats to Android malware detection by undermining the effectiveness of machine learning-based systems. The rapid increase in Android apps complicates the management of malicious software that can compromise user defense solutions. Many current Android defense techniques rely on deep learning methods. Malicious users exploit GAN-based attacks to craft adversarial examples against known models, relying on the transferability of those examples to deceive target models. We propose a new model based on a Cycle Generative Adversarial Network (CycleGAN) to detect GAN-based attacks. This model incorporates a gradient penalty to enhance the detection rate of the target model. Our investigation focuses on a gray-box scenario, where the attacker has partial information about the model. The results show that our model outperforms existing classifiers in detecting adversarial attacks.
Keywords