File(s) not publicly available
Selective adversarial learning for mobile malware
conference contribution
posted on 2019-10-30, 00:00 authored by ME Khoda, Tasadduq Imam, J Kamruzzaman, I Gondal, A Rahman
Machine learning models, including deep neural networks, have been shown to be vulnerable to adversarial attacks. Adversarial samples are crafted from legitimate inputs by carefully introducing small perturbations to the input so that the classifier is fooled. Adversarial retraining, which involves retraining the classifier using adversarial samples, has been shown to improve the robustness of the classifier against adversarial attacks. However, it has also been shown that retraining with too many samples can lead to performance degradation. Hence, a careful selection of the adversarial samples used to retrain the classifier is necessary, yet existing works select these samples in a randomized fashion.
In our work, we propose two novel approaches for selecting adversarial samples: one based on the distance from the cluster center of malware and one based on the probability derived from kernel-based learning (KBL). Our experimental results show that both of our selective mechanisms for adversarial retraining outperform the random selection technique and significantly improve the classifier performance against adversarial attacks. In particular, selection with KBL delivers above 6% improvement in detection accuracy compared to random selection. The method proposed here has greater impact in designing robust machine learning systems for security applications.
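The following is an added illustration, not code from the paper or its authors: a toy nearest-centroid malware detector is retrained with adversarial samples chosen by their distance from the malware cluster center, and its detection rate on the adversarial set is compared before and after retraining. All feature vectors are constructed, the classifier is deliberately simple, and whether the farthest or nearest samples are kept is an assumption (the abstract states only "based on the distance from cluster center"); the example runs both choices so the effect of the selection criterion is visible.

```python
# Added example (not the paper's implementation): adversarial retraining of a
# toy nearest-centroid malware detector, with adversarial samples selected by
# their distance from the malware cluster center. All data is constructed.
import math
from typing import List, Sequence, Tuple

Vector = Sequence[float]


def centroid(points: Sequence[Vector]) -> List[float]:
    """Mean of a set of feature vectors (the cluster center)."""
    dims = len(points[0])
    return [sum(p[d] for p in points) / len(points) for d in range(dims)]


def euclidean(a: Vector, b: Vector) -> float:
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def select_by_centroid_distance(adversarial: Sequence[Vector],
                                malware: Sequence[Vector],
                                k: int, farthest: bool = True) -> List[Vector]:
    """Rank adversarial samples by distance from the malware centroid, keep k.

    Keeping the farthest (or nearest) samples is an assumption made for this
    example; the abstract only says selection is distance-based.
    """
    c = centroid(malware)
    order = sorted(range(len(adversarial)),
                   key=lambda i: euclidean(adversarial[i], c), reverse=farthest)
    return [adversarial[i] for i in order[:k]]


def predict(x: Vector, benign_c: Vector, malware_c: Vector) -> str:
    """Toy classifier: label a sample by its nearer class centroid."""
    return "malware" if euclidean(x, malware_c) < euclidean(x, benign_c) else "benign"


def detection_rate(samples: Sequence[Vector], benign: Sequence[Vector],
                   malware: Sequence[Vector]) -> float:
    """Fraction of known-malicious samples that the classifier flags as malware."""
    b_c, m_c = centroid(benign), centroid(malware)
    hits = sum(predict(x, b_c, m_c) == "malware" for x in samples)
    return hits / len(samples)


# Constructed 2-D feature vectors (think: two normalised permission/API counts).
BENIGN = [[4.0, 4.0], [4.5, 3.5], [3.5, 4.5]]
MALWARE = [[1.0, 1.0], [1.2, 0.8], [0.8, 1.2]]
# Constructed adversarial variants of malware, perturbed toward the benign region.
ADVERSARIAL = [[2.8, 2.4], [2.3, 2.9], [2.7, 2.7], [1.3, 1.2]]


def retrain_experiment(k: int, farthest: bool) -> Tuple[float, float]:
    """Detection rate on ADVERSARIAL before and after retraining with k selected samples."""
    before = detection_rate(ADVERSARIAL, BENIGN, MALWARE)
    chosen = select_by_centroid_distance(ADVERSARIAL, MALWARE, k, farthest)
    after = detection_rate(ADVERSARIAL, BENIGN, MALWARE + chosen)
    return before, after


if __name__ == "__main__":
    for farthest in (True, False):
        before, after = retrain_experiment(2, farthest)
        print(f"farthest={farthest}: detection rate {before:.2f} -> {after:.2f}")
```

With this constructed data the untrained detector flags only one of the four adversarial samples; retraining with the two samples farthest from the malware center pulls the centroid toward the adversarial region and all four are caught, whereas retraining with the two nearest samples leaves one uncaught. The point is the one the abstract makes: the selection rule, not just the number of retraining samples, determines how much robustness is gained.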
Funding
Other
History
Start Page
272
End Page
279
Number of Pages
8
Start Date
2019-08-05
Finish Date
2019-08-08
eISSN
2324-9013
ISSN
2324-898X
ISBN-13
9781728127781
Location
Rotorua, New Zealand
Publisher
IEEE
Place of Publication
Piscataway, NJ
Full Text URL
Peer Reviewed
- Yes
Open Access
- No
External Author Affiliations
Federation University, CSIRO
Era Eligible
- Yes