Malware Adversarial Defense Model Based on Feature Maliciousness Ranking

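Applying deep learning models to Android malware detection can steadily improve detection accuracy, but adversarial examples can easily evade detection by deep learning models, which calls the detection capability of these models into question. Adversarial attacks on Android malware are currently defended against mostly with adversarial training. To address the poor performance of adversarial training when facing multiple types of adversarial examples, this paper proposes the concept of feature maliciousness. Feature maliciousness ranks features by computing how malicious each feature is, and the ranked features are used to build FMP (Feature Maliciousness Processing), a malware adversarial defense model with adversarial defense capability. The model extracts the high-maliciousness features of the software under test for detection, avoiding model misclassification caused by adversarial perturbations. On the open-source dataset DefenceDroid, compared with adversarial training and other feature selection methods, the feature selection method used by the FMP model effectively improves the detection rate for all kinds of adversarial examples and shows good robustness under attack by multiple kinds of adversarial examples.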
Malicious Software Adversarial Defense Model Based on Feature Severity Ranking
The application of deep learning models in the detection of Android malware can continuously improve the accuracy of detection. However, with the proposal of adversarial examples, these examples can easily evade detection by deep learning models, leading to questions about the detection capabilities of deep learning models. To counteract adversarial attacks on Android malicious software, current approaches often employ adversarial training for defense. This paper addressed the limitation of adversarial training in dealing with various types of adversarial examples and proposed the concept of feature maliciousness. Feature maliciousness involved ranking features based on their malicious nature, and this ranked feature set was utilized to construct a malicious software adversarial defense model with adversarial defense capabilities, termed the feature maliciousness processing (FMP) detector. This model extracted high-maliciousness features from the software under consideration, mitigating the problem of model misclassification caused by adversarial perturbations. On the open-source dataset DefenceDroid, the feature selection method employed by the FMP detector significantly enhances the detection rates for various types of adversarial examples compared to adversarial training and other feature selection methods. Under multiple adversarial example attacks, the FMP detector demonstrates the highest level of robust performance.

Android malicious software; adversarial example; feature selection; deep learning

Xu Zirong (徐子荣), Guo Yanping (郭焱平), Yan Qiao (闫巧)

College of Computer Science and Software Engineering, Shenzhen University, Shenzhen 518060

Android malware; adversarial examples; feature selection; deep learning

National Natural Science Foundation of China; Shenzhen Science and Technology Program

61976142; JCYJ20210324093609025

2024

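Netinfo Security (信息网络安全)
The Third Research Institute of the Ministry of Public Security; Computer Security Professional Committee of the China Computer Federation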

CSTPCD; CHSSCD; PKU Core (北大核心)
Impact factor: 0.814
ISSN:1671-1122
Year, volume (issue): 2024.24(4)