Abstract: With its strong self-adaptability and self-learning ability, machine learning systems are increasingly used in the field of Android malware detection and have achieved remarkable detection results. However, machine learning algorithms and samples themselves also face many security threats, some well-designed attacks, hoping to subvert these algorithms and allow malicious behavior to resist detection. Firstly, the principle of machine learning-based detection method is introduced by taking the Drebin system as an example, and then an evasion attack model for machine learning classifier is proposed based on the attack target and attack strategy. Based on the comprehensive consideration of feature weight, modifiability and modification cost, proposes a malicious countermeasure sample generation method. The experimental results show that only a few features need to be modified to evade the detection of the linear SVM classifier. Finally, a specific example of malicious sample evasion attack verifies the effectiveness of the proposed method.