{"title":"Improving Adversarial Attacks Against Executable Raw Byte Classifiers","authors":"Justin Burr, Shengjie Xu","doi":"10.1109/INFOCOMWKSHPS51825.2021.9484612","DOIUrl":null,"url":null,"abstract":"Machine learning models serve as a powerful new technique for detecting malware. However, they are extremely vulnerable to attacks using adversarial examples. Machine learning models that classify Windows Portable Executable (PE) files are challenging to attack using this method due to the difficulty of manipulating executable file formats without compromising their functionality. In this paper, our objective is to propose and develop advanced attacks against models such as MalConv, which forgo feature engineering in favor of ingesting the entire executable file as a raw byte sequence. We will attempt to discover attack methods that are much more sophisticated and difficult to detect than current methods that simply append large amounts of specially-crafted byte sequences to the end of the PE file.","PeriodicalId":109588,"journal":{"name":"IEEE INFOCOM 2021 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)","volume":"50 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-05-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE INFOCOM 2021 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/INFOCOMWKSHPS51825.2021.9484612","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Improving Adversarial Attacks Against Executable Raw Byte Classifiers
Machine learning models serve as a powerful new technique for detecting malware. However, they are extremely vulnerable to attacks using adversarial examples. Machine learning models that classify Windows Portable Executable (PE) files are challenging to attack using this method due to the difficulty of manipulating executable file formats without compromising their functionality. In this paper, our objective is to propose and develop advanced attacks against models such as MalConv, which forgo feature engineering in favor of ingesting the entire executable file as a raw byte sequence. We will attempt to discover attack methods that are much more sophisticated and difficult to detect than current methods that simply append large amounts of specially-crafted byte sequences to the end of the PE file.