Android HIV: A Study of Repackaging Malware for Evading Machine-Learning Detection

Machine learning based solutions have been successfully employed for automatic detection of malware in Android applications. However, machine learning models are known to lack robustness against inputs crafted by an adversary. So far, the adversarial examples can only deceive Android malware detectors that rely on syntactic features, and the perturbations can only be implemented by simply modifying Android manifest. While recent Android malware detectors rely more on semantic features from Dalvik bytecode rather than manifest, existing attacking/defending methods are no longer effective. In this paper, we introduce a new highly-effective attack that generates adversarial examples of Android malware and evades being detected by the current models. To this end, we propose a method of applying optimal perturbations onto Android APK using a substitute model. Based on the transferability concept, the perturbations that successfully deceive the substitute model are likely to deceive the original models as well. We develop an automated tool to generate the adversarial examples without human intervention to apply the attacks. In contrast to existing works, the adversarial examples crafted by our method can also deceive recent machine learning based detectors that rely on semantic features such as control-flow-graph. The perturbations can also be implemented directly onto APK's Dalvik bytecode rather than Android manifest to evade from recent detectors. We evaluated the proposed manipulation methods for adversarial examples by using the same datasets that Drebin and MaMadroid (5879 malware samples) used. Our results show that, the malware detection rates decreased from 96% to 1% in MaMaDroid, and from 97% to 1% in Drebin, with just a small distortion generated by our adversarial examples manipulation method.Comment: 15 pages, 11 figure

The MUSE-Wide Survey: A first catalogue of 831 emission line galaxies

We present a first instalment of the MUSE-Wide survey, covering an area of 22.2 arcmin$^2$ (corresponding to $\sim$20% of the final survey) in the CANDELS/Deep area of the Chandra Deep Field South. We use the MUSE integral field spectrograph at the ESO VLT to conduct a full-area spectroscopic mapping at a depth of 1h exposure time per 1 arcmin$^2$ pointing. We searched for compact emission line objects using our newly developed LSDCat software based on a 3-D matched filtering approach, followed by interactive classification and redshift measurement of the sources. Our catalogue contains 831 distinct emission line galaxies with redshifts ranging from 0.04 to 6. Roughly one third (237) of the emission line sources are Lyman $\alpha$ emitting galaxies with $3 < z < 6$, only four of which had previously measured spectroscopic redshifts. At lower redshifts 351 galaxies are detected primarily by their [OII] emission line ($0.3 \lesssim z \lesssim 1.5$), 189 by their [OIII] line ($0.21 \lesssim z \lesssim 0.85$), and 46 by their H$\alpha$ line ($0.04 \lesssim z \lesssim 0.42$). Comparing our spectroscopic redshifts to photometric redshift estimates from the literature, we find excellent agreement for $z<1.5$ with a median $\Delta z$ of only $\sim 4 \times 10^{-4}$ and an outlier rate of 6%, however a significant systematic offset of $\Delta z = 0.26$ and an outlier rate of 23% for Ly$\alpha$ emitters at $z>3$. Together with the catalogue we also release 1D PSF-weighted extracted spectra and small 3D datacubes centred on each of the 831 sources.Comment: 24 pages, 14 figures, accepted for publication in A&A, data products are available for download from http://muse-vlt.eu/science/muse-wide-survey/ and later via the CD

Streamlining collection of training samples for object detection and classification in video

Copyright 2010 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. This is the accepted version of the article. The published version is available at

HIIphot: Automated Photometry of HII Regions Applied to M51

We have developed a robust, automated method, hereafter designated HIIphot, which enables accurate photometric characterization of HII regions while permitting genuine adaptivity to irregular source morphology. HIIphot utilizes object-recognition techniques to make a first guess at the shapes of all sources then allows for departure from such idealized ``seeds'' through an iterative growing procedure. Photometric corrections for spatially coincident diffuse emission are derived from a low-order surface fit to the background after exclusion of all detected sources. We present results for the well-studied, nearby spiral M51 in which 1229 HII regions are detected above the 5-sigma level. A simple, weighted power-law fit to the measured H-alpha luminosity function (HII LF) above log L_H-alpha = 37.6 gives alpha = -1.75+/-0.06, despite a conspicuous break in the HII LF observed near L_H-alpha = 10^38.9. Our best- fit slope is marginally steeper than measured by Rand (1992), perhaps reflecting our increased sensitivity at low luminosities and to notably diffuse objects. HII regions located in interarm gaps are preferentially less luminous than counterparts which constitute M51's grand-design spiral arms and are best fit with a power-law slope of alpha = -1.96+/-0.15. We assign arm/interarm status for HII regions based upon the varying surface brightness of diffuse emission as a function of position throughout the image. Using our measurement of the integrated flux contributed by resolved HII regions in M51, we estimate the diffuse fraction to be approximately 0.45 -- in agreement with the determination of Greenawalt et al. (1998). Automated processing of degraded datasets is undertaken to gauge systematic effects associated with limiting spatial resolution and sensitivity.Comment: 41 pages, 14 figures, Postscript version with high-resolution figures at ftp://ftp.aoc.nrao.edu/staff/dthilker/preprint

Fault Detection Effectiveness of Metamorphic Relations Developed for Testing Supervised Classifiers

In machine learning, supervised classifiers are used to obtain predictions for unlabeled data by inferring prediction functions using labeled data. Supervised classifiers are widely applied in domains such as computational biology, computational physics and healthcare to make critical decisions. However, it is often hard to test supervised classifiers since the expected answers are unknown. This is commonly known as the \emph{oracle problem} and metamorphic testing (MT) has been used to test such programs. In MT, metamorphic relations (MRs) are developed from intrinsic characteristics of the software under test (SUT). These MRs are used to generate test data and to verify the correctness of the test results without the presence of a test oracle. Effectiveness of MT heavily depends on the MRs used for testing. In this paper we have conducted an extensive empirical study to evaluate the fault detection effectiveness of MRs that have been used in multiple previous studies to test supervised classifiers. Our study uses a total of 709 reachable mutants generated by multiple mutation engines and uses data sets with varying characteristics to test the SUT. Our results reveal that only 14.8\% of these mutants are detected using the MRs and that the fault detection effectiveness of these MRs do not scale with the increased number of mutants when compared to what was reported in previous studies.Comment: 8 pages, AITesting 201