
ENHANCING THE PGD ATTACK: A DYNAMIC STEP-SIZE APPROACH FOR ROBUST EVASION ON ANDROID MALWARE

Date
2026-01-01
Abstract
Deep learning models are challenged by adversarial attacks, especially in security-sensitive scenarios like Android malware detection, where model flaws might have serious repercussions. Because of its demonstrated ability to produce adversarial perturbations, the Projected Gradient Descent (PGD) approach is a commonly used baseline. Nevertheless, PGD’s dependence on uniform update rules and fixed step sizes restricts its capacity to adjust to varying model responses and may lessen the attack’s overall potency. To address these deficiencies, an attack method termed DSAAP (Dynamic Step Adaptive Adversarial Perturbation) has been introduced. By using dynamic step scaling, gradient normalization, momentum-based updates, and early stopping triggered by confidence thresholding, DSAAP improves upon the PGD framework. This combination greatly increases the impact of the attack by enabling real-time modifications to perturbations based on feedback from the model. Two well-known Android malware datasets have been employed to assess DSAAP: CICMalDroid2020, a multi-class dataset used for multi-class classification, and KronoDroid, a binary dataset used for binary classification tasks. During these tests, the target model is a 1D CNN (Convolutional Neural Network). Based on criteria such as ASR (Attack Success Rate), accuracy drop, precision, recall, F1 score, and confusion matrix analysis, the results show that DSAAP is more successful than standard PGD and its variants in terms of model degradation. These results highlight the vital need for adaptive tactics in offensive ML (Machine Learning), showing that a more sophisticated strategy is necessary to comprehend and counteract adversarial threats in deep learning systems. Thus, this study contributes to the current discussion on AI security by demonstrating how adaptive techniques might strengthen ML models’ resistance to adversarial manipulations.