Machine Learning (ML) promises to enhance the efficacy of Android Malware Detection (AMD) but is vulnerable to realistic evasion attacks.
Defenders aim to identify susceptible regions in the feature space where ML models are prone to deception.
A proposed approach introduces a new interpretation of Android domain constraints in the feature space and employs a novel technique to learn them.
Empirical evaluations show effective detection of Adversarial Examples (AEs) using learned domain constraints and improved robustness against realizable AEs generated by unknown problem-space transformations.