Android malware adversarial attacks based on feature importance prediction

In the last decade, malicious Android applications have increased rapidly because of the popularity of Android mobile devices. In particular, some Android malware starts to use the adversarial examples generation technology to escape from the detection system. To defend against the adversarial examples of Android malware, researchers need to research the generation of adversarial examples. Meanwhile, substitute models are one of the research topics in machine learning interpretability. In the paper, we propose a new model called p-MalGAN with a Feature Importance Prediction (FIP) module based on MalGAN, a Generative Adversarial Network (GAN) for generating malware adversarial examples. FIP module uses random forest as an substitute model to calculates the importance of features by measuring the correlation between the features and the labels of the detector to predict the features used by the detector, then uses the high-confidence features to generate adversarial examples. Compared with MalGAN, our model overcomes the difficulty of not knowing detector features in realistic scenes. Experimental results show that our method can effectively predict the features of the detector and reduces the difference between the adversarial examples and the original malware with slightly affecting the attack performance.