Exploring Adversarial Examples in Malware Detection

2019 IEEE Security and Privacy Workshops (SPW) Pub Date : 2018-10-18 DOI:10.1109/SPW.2019.00015

Octavian Suciu, Scott E. Coull, Jeffrey Johns

{"title":"Exploring Adversarial Examples in Malware Detection","authors":"Octavian Suciu, Scott E. Coull, Jeffrey Johns","doi":"10.1109/SPW.2019.00015","DOIUrl":null,"url":null,"abstract":"The convolutional neural network (CNN) architecture is increasingly being applied to new domains, such as malware detection, where it is able to learn malicious behavior from raw bytes extracted from executables. These architectures reach impressive performance with no feature engineering effort involved, but their robustness against active attackers is yet to be understood. Such malware detectors could face a new attack vector in the form of adversarial interference with the classification model. Existing evasion attacks intended to cause misclassification on test-time instances, which have been extensively studied for image classifiers, are not applicable because of the input semantics that prevents arbitrary changes to the binaries. This paper explores the area of adversarial examples for malware detection. By training an existing model on a production-scale dataset, we show that some previous attacks are less effective than initially reported, while simultaneously highlighting architectural weaknesses that facilitate new attack strategies for malware classification. Finally, we explore how generalizable different attack strategies are, the trade-offs when aiming to increase their effectiveness, and the transferability of single-step attacks.","PeriodicalId":125351,"journal":{"name":"2019 IEEE Security and Privacy Workshops (SPW)","volume":"10 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-10-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"151","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE Security and Privacy Workshops (SPW)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SPW.2019.00015","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 151

Abstract

The convolutional neural network (CNN) architecture is increasingly being applied to new domains, such as malware detection, where it is able to learn malicious behavior from raw bytes extracted from executables. These architectures reach impressive performance with no feature engineering effort involved, but their robustness against active attackers is yet to be understood. Such malware detectors could face a new attack vector in the form of adversarial interference with the classification model. Existing evasion attacks intended to cause misclassification on test-time instances, which have been extensively studied for image classifiers, are not applicable because of the input semantics that prevents arbitrary changes to the binaries. This paper explores the area of adversarial examples for malware detection. By training an existing model on a production-scale dataset, we show that some previous attacks are less effective than initially reported, while simultaneously highlighting architectural weaknesses that facilitate new attack strategies for malware classification. Finally, we explore how generalizable different attack strategies are, the trade-offs when aiming to increase their effectiveness, and the transferability of single-step attacks.

查看原文本刊更多论文

探索恶意软件检测中的对抗性示例

卷积神经网络(CNN)架构正越来越多地应用于新的领域，例如恶意软件检测，它能够从可执行文件中提取的原始字节中学习恶意行为。这些体系结构在不涉及特征工程的情况下达到了令人印象深刻的性能，但是它们对主动攻击者的健壮性还有待了解。这种恶意软件检测器可能面临一种新的攻击向量，其形式是对分类模型的对抗性干扰。现有的逃避攻击旨在导致对测试时实例的错误分类，这些攻击已经在图像分类器中得到了广泛的研究，但由于输入语义阻止了对二进制文件的任意更改，因此不适用。本文探讨了恶意软件检测的对抗性示例领域。通过在生产规模数据集上训练现有模型，我们发现一些先前的攻击不如最初报道的有效，同时突出了架构上的弱点，这些弱点有助于新的攻击策略进行恶意软件分类。最后，我们探讨了不同攻击策略的通用性，提高其有效性时的权衡，以及单步攻击的可转移性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2019 IEEE Security and Privacy Workshops (SPW)

自引率

0.00%

发文量