Adversarial Patterns: Building Robust Android Malware Classifiers
Dipkamal Bhusal, Nidhi Rastogi
TL;DR
The paper addresses the vulnerability of ML-based Android malware classifiers to adversarial attacks and provides a comprehensive survey of both evasion attacks and defenses within the Android domain. It systematically covers machine learning models, Android-specific threat models, attack types (feature-space and problem-space), and defense strategies (robustness enhancements and adversarial detection), supported by practical examples and evaluation metrics. Key contributions include actionable guidelines for building robust detectors, a taxonomy of Android-adversarial attacks, and identified research directions that bridge adversarial theory with real-world malware defense. The work advances the field by clarifying the attack-defense landscape, offering standardized evaluation criteria, and guiding future research toward practical, resilient Android malware classifiers.
Abstract
Machine learning models are increasingly being adopted across various fields, such as medicine, business, autonomous vehicles, and cybersecurity, to analyze vast amounts of data, detect patterns, and make predictions or recommendations. In the field of cybersecurity, these models have made significant improvements in malware detection. However, despite their ability to understand complex patterns from unstructured data, these models are susceptible to adversarial attacks that perform slight modifications in malware samples, leading to misclassification from malignant to benign. Numerous defense approaches have been proposed to either detect such adversarial attacks or improve model robustness. These approaches have resulted in a multitude of attack and defense techniques and the emergence of a field known as `adversarial machine learning.' In this survey paper, we provide a comprehensive review of adversarial machine learning in the context of Android malware classifiers. Android is the most widely used operating system globally and is an easy target for malicious agents. The paper first presents an extensive background on Android malware classifiers, followed by an examination of the latest advancements in adversarial attacks and defenses. Finally, the paper provides guidelines for designing robust malware classifiers and outlines research directions for the future.
