UCL Discovery

Crystal Ball: From Innovative Attacks to Attack Effectiveness Classifier

Berger, H; Hajaj, C; Mariconti, E; Dvir, A; (2021) Crystal Ball: From Innovative Attacks to Attack Effectiveness Classifier. IEEE Access, 10, pp. 1317-1333. 10.1109/ACCESS.2021.3138628. Green open access

Mariconti_Crystal Ball- From Innovative Attacks to Attack Effectiveness Classifier_VoR.pdf - Published Version

Abstract

Android OS is one of the most popular operating systems worldwide, making it a desirable target for malware attacks. Some of the latest and most important defensive systems are based on machine learning (ML), and cybercriminals continuously search for ways to overcome the barriers posed by these systems. Thus, the focus of this work is on evasion attacks, in an attempt to show the weaknesses of state-of-the-art research and how more resilient systems can be built. Evasion attacks consist of manipulating either the actual malicious application (problem-based) or its extracted feature vector (feature-based) to avoid being detected by ML systems. This study presents a set of innovative problem-based evasion attacks against well-known Android malware detection systems, which decrease their detection rate by up to 97%. Moreover, an analysis of the effectiveness of these attacks against VirusTotal (VT) scanners was conducted, empirically showing their efficiency against well-known scanners (e.g., McAfee and Comodo) as well. The VT system proved to be a great candidate for the attacks, as in 98% of the apps, fewer scanners detected the manipulated apps than the original malicious apps. As not all the attacks are effective in the same manner against the VT scanners, the attack efficiency classifiers are advised. Each classifier predicts the applicability of one of the attacks. The set of classifiers creates an ensemble, which shows high success rates, allowing the attacker to decide which attack is best to use for each malicious app and defense system.

Type: Article
Title: Crystal Ball: From Innovative Attacks to Attack Effectiveness Classifier
Open access status: An open access version is available from UCL Discovery
DOI: 10.1109/ACCESS.2021.3138628
Publisher version: https://doi.org/10.1109/ACCESS.2021.3138628
Language: English
Additional information: This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 License. For more information, see https://creativecommons.org/licenses/by-nc-nd/4.0/
UCL classification: UCL
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Security and Crime Science
URI: https://discovery.ucl.ac.uk/id/eprint/10141692
Downloads since deposit: 94