利用Windows PE结构进行对抗性恶意软件规避攻击

Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy Pub Date : 2023-04-24 DOI:10.1145/3577923.3585044

K. Aryal, Maanak Gupta, Mahmoud Abdelsalam

{"title":"利用Windows PE结构进行对抗性恶意软件规避攻击","authors":"K. Aryal, Maanak Gupta, Mahmoud Abdelsalam","doi":"10.1145/3577923.3585044","DOIUrl":null,"url":null,"abstract":"The last decade has seen phenomenal growth in the application of machine learning. At this point, it won't be wrong to claim that most technological change is directly or indirectly connected to machine learning. Along with machine learning, cyber-attacks have also bloomed in this period. Machine learning has been a great aid to cybersecurity, but the security of machine learning has not been a topic of attention until recently. Among numerous threats posed to the machine learning community, the Adversarial Evasion attack is the latest menace. The adversarial evasion attack has exposed the vulnerability of the modern deep neural network to a few intentionally perturbed data samples. The adversarial evasion attacks originated from the image domain but have now spread across major application domains of machine learning. This work will discuss the state-of-art adversarial evasion attacks against the Windows PE Malware detectors. The structure of a file plays a significant role in how an adversarial evasion attack can be carried out to a file. We will discuss the robustness and weakness of the Windows PE file structure toward the adversarial evasion approach. We will present the existing approaches to exploiting Windows PE file structure and their limitations. We will also propose a noble way to manipulate Windows PE structure to carry out an adversarial evasion attack.","PeriodicalId":387479,"journal":{"name":"Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy","volume":"116 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Exploiting Windows PE Structure for Adversarial Malware Evasion Attacks\",\"authors\":\"K. Aryal, Maanak Gupta, Mahmoud Abdelsalam\",\"doi\":\"10.1145/3577923.3585044\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The last decade has seen phenomenal growth in the application of machine learning. At this point, it won't be wrong to claim that most technological change is directly or indirectly connected to machine learning. Along with machine learning, cyber-attacks have also bloomed in this period. Machine learning has been a great aid to cybersecurity, but the security of machine learning has not been a topic of attention until recently. Among numerous threats posed to the machine learning community, the Adversarial Evasion attack is the latest menace. The adversarial evasion attack has exposed the vulnerability of the modern deep neural network to a few intentionally perturbed data samples. The adversarial evasion attacks originated from the image domain but have now spread across major application domains of machine learning. This work will discuss the state-of-art adversarial evasion attacks against the Windows PE Malware detectors. The structure of a file plays a significant role in how an adversarial evasion attack can be carried out to a file. We will discuss the robustness and weakness of the Windows PE file structure toward the adversarial evasion approach. We will present the existing approaches to exploiting Windows PE file structure and their limitations. We will also propose a noble way to manipulate Windows PE structure to carry out an adversarial evasion attack.\",\"PeriodicalId\":387479,\"journal\":{\"name\":\"Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy\",\"volume\":\"116 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-04-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3577923.3585044\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3577923.3585044","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

在过去的十年里，机器学习的应用出现了惊人的增长。在这一点上，声称大多数技术变革都直接或间接地与机器学习有关是没有错的。随着机器学习，网络攻击也在这一时期蓬勃发展。机器学习对网络安全有很大的帮助，但机器学习的安全性直到最近才成为人们关注的话题。在机器学习社区面临的众多威胁中，对抗性规避攻击是最新的威胁。对抗性规避攻击暴露了现代深度神经网络对少量故意扰动数据样本的脆弱性。对抗性逃避攻击起源于图像领域，但现在已经蔓延到机器学习的主要应用领域。本工作将讨论针对Windows PE恶意软件检测器的最先进的对抗性规避攻击。文件的结构在如何对文件进行对抗性规避攻击中起着重要作用。我们将讨论Windows PE文件结构对对抗性规避方法的健壮性和弱点。我们将介绍利用Windows PE文件结构的现有方法及其局限性。我们还将提出一种高贵的方法来操纵Windows PE结构来执行对抗性规避攻击。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Exploiting Windows PE Structure for Adversarial Malware Evasion Attacks

The last decade has seen phenomenal growth in the application of machine learning. At this point, it won't be wrong to claim that most technological change is directly or indirectly connected to machine learning. Along with machine learning, cyber-attacks have also bloomed in this period. Machine learning has been a great aid to cybersecurity, but the security of machine learning has not been a topic of attention until recently. Among numerous threats posed to the machine learning community, the Adversarial Evasion attack is the latest menace. The adversarial evasion attack has exposed the vulnerability of the modern deep neural network to a few intentionally perturbed data samples. The adversarial evasion attacks originated from the image domain but have now spread across major application domains of machine learning. This work will discuss the state-of-art adversarial evasion attacks against the Windows PE Malware detectors. The structure of a file plays a significant role in how an adversarial evasion attack can be carried out to a file. We will discuss the robustness and weakness of the Windows PE file structure toward the adversarial evasion approach. We will present the existing approaches to exploiting Windows PE file structure and their limitations. We will also propose a noble way to manipulate Windows PE structure to carry out an adversarial evasion attack.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy

自引率

0.00%

发文量