Domain Constraints in Feature Space: Strengthening Robustness of Android Malware Detection against Realizable Adversarial Examples. (arXiv:2205.15128v2 [cs.LG] UPDATED)

Strengthening the robustness of machine learning-based Android malware
detectors in the real world requires incorporating realizable adversarial
examples (RealAEs), i.e., AEs that satisfy the domain constraints of Android
malware. However, existing work focuses on generating RealAEs in the problem
space, which is known to be time-consuming and impractical for adversarial
training. In this paper, we propose to generate RealAEs in the feature space,
leading to a simpler and more efficient solution. Our approach is driven by a
novel interpretation of …

adversarial android android malware constraints detection domain malware malware detection robustness space