DroidBreaker: Practical and Functional Problem-Space Attacks on Machine-Learning Android Malware Detectors

2026-06-25 · Source: Machine Learning · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy · Depth: Expert, quick

Summary

DROIDBREAKER is a novel framework designed to execute practical and functional problem-space attacks against machine-learning Android malware detectors. This framework addresses significant limitations of prior techniques, which often caused build-time failures, introduced extensive side effects, or relied on brittle bytecode rewriting, leading to syntactically valid but semantically unusable APKs. DROIDBREAKER achieves query-efficient white- and black-box attacks by manipulating only the most influential APK components, employing fine-grained, build-safe manipulations like injecting and obfuscating API calls, app modules, permissions, and URLs with minimal side effects. It also includes a semantics-preserving functionality test that ensures runtime equivalence. Evaluated on a recent Android application corpus, DROIDBREAKER demonstrates high evasion rates with few queries and minimal side effects in both white-box and black-box scenarios, significantly reducing detections by commercial malware scanners on VirusTotal.

Key takeaway

For AI Security Engineers developing or deploying Android malware detection systems, DROIDBREAKER highlights critical vulnerabilities in current machine learning models. You should prioritize robust functional testing beyond basic execution checks and integrate defenses against fine-grained, semantics-preserving problem-space manipulations. Consider DROIDBREAKER's methods to proactively test your detectors' resilience against sophisticated evasion techniques that target influential APK components, ensuring your systems can withstand practical, build-safe adversarial attacks.

Key insights

DROIDBREAKER offers a practical, semantics-preserving framework for evading ML-based Android malware detectors through targeted, build-safe manipulations.

Principles

• Problem-space attacks require build-safety and semantic preservation.
• Targeting influential APK components improves attack efficiency.
• Functional testing is crucial for validating attack success.

Method

DROIDBREAKER manipulates influential APK components via fine-grained, build-safe injections and obfuscations of API calls, modules, permissions, and URLs. It validates functionality by comparing execution logs and API traces.

In practice

• Evade ML-based Android malware detection.
• Test robustness of Android security models.
• Develop more resilient malware detectors.

Topics

• Android Malware Detection
• Adversarial Machine Learning
• Problem-Space Attacks
• APK Manipulation
• Malware Evasion
• DroidBreaker

Best for: Research Scientist, CTO, VP of Engineering/Data, AI Security Engineer, AI Scientist, Machine Learning Engineer

Related on AIssential

• MASCOT-Android: A Curated Dataset and Automated Collection Pipeline for Android Malware Source Code Specimens — Repository READMEs provide a strong, automatable signal for identifying Android malware source code, enabling scalable dataset collection.
• Automated jailbreak attack targeting multiple defense strategies — UNIATTACK systematically generates effective, generalizable black-box jailbreak prompts for LLMs with high success and low cost.
• AI-Powered Samsung FRP Bypass: A Smarter Way to Unlock Without Guesswork — AI-powered tools offer a reliable and safe method for bypassing Samsung FRP by adapting to device specifics.
• 😺 Google sued the people spamming your phone — AI tools, including Google's Gemini, are being weaponized for sophisticated cybercrime, highlighting the urgent need for robust security measures and ethical AI deployment.
• Mozilla says 271 vulnerabilities found by Mythos have "almost no false positives" — An AI agent harness significantly reduces false positives in vulnerability detection by integrating LLMs into existing developer toolchains.
• AttackPathGNN: Cross-function vulnerability detection in smart contracts using state interference graphs and conjunction pooling — Cross-function smart contract vulnerabilities require reasoning over inter-function relationships, not just single-function patterns.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Machine Learning.