SeqNinja : automatic payload re-construction and manipulation in sequence-based android adversarial attack


Bibliographic Details
Main Author: Ang, Hao Jie
Other Authors: Liu Yang
Format: Final Year Project (FYP)
Language: English
Published: Nanyang Technological University 2021
Subjects: Engineering::Computer science and engineering::Computing methodologies
Online Access: https://hdl.handle.net/10356/148000

Description

The increasing trend of using learning-based Android malware detectors has resulted in a rise in adversarial attacks against such detectors. Despite Artificial Intelligence having high capability, it lacks robustness against adversarial attacks. As such, many learning-based detectors have come out with ways to defend against them. Currently, many of the readily available adversarial attacking tools only inject dead code, which can never be executed, and require injecting many benign features into a malicious APK. This is easily noticeable by program analysis techniques that detect dead code. As such, SeqNinja aims to bring the adversarial attack to the next level by injecting a payload that allows execution without breaking the app’s original functionalities. These payloads are obtained from benign APKs at the Smali level and normalized into usable code snippets. The extracted Smali code is carefully selected by filtering out ‘user-visible’ APIs or Intents. As such, payloads can be executed without any visible change noticeable by the user. Extracting Smali code from any benign APK also allows a wide variety of payloads compared to other adversarial tools that use limited customized payloads stored in a database. Payloads can be injected into any location of the file based on sequence position or on the launcher class. Experiments were conducted to prove that randomly extracted payloads from any benign apps are able to execute without causing any ‘user-visible’ behaviors or crashing the app when running the app in an Android emulator.

School: School of Computer Science and Engineering
Degree: Bachelor of Engineering (Computer Engineering)
Project Code: SCSE20-0192
Date Issued: 2021-04-22
Citation: Ang, H. J. (2021). SeqNinja : automatic payload re-construction and manipulation in sequence-based android adversarial attack. Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/148000