SeqAdver: Automatic Payload Construction and Injection in Sequence-based Android Adversarial Attack

Machine learning has achieved a great success in the field of Android malware detection. In order to avoid being caught by these ML-based Android malware detection, malware authors are inclined to initiate adversarial sample attacks by tampering with mobile applications. Although machine learning has high capability, it lacks robustness against adversarial attacks. Currently, many of the adversarial attacking tools not only inject dead code into target applications, which can never be executed, but also require the injection of many benign features into a malicious APK. This can be easily noticeable by program analysis techniques. In this paper, we propose SeqAdver, an automatic payload construction and injection tool, which aims to bring the adversarial attack to the next level by injecting a payload that allows execution without breaking the app’s original functionalities. These payloads are obtained from benign APKs at the Smali level and normalized into usable code snippets. The extracted Smali codes are carefully selected by filtering out ‘user-visible’ APIs and Intents. Therefore, payloads are able to be executed without any visible change noticed by the user. Besides, extracted payloads can be injected into different locations of the file based on sequence position or on the launcher class. Experiments were conducted to prove that randomly extracted payloads from benign apps are able to execute without causing any ‘user-visible’ behaviors or crashing the app when running the app in Android emulators.