针对windows PE恶意软件文件的对抗性规避攻击的段内代码洞注入

IF 5.4 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security Pub Date : 2025-10-04 DOI:10.1016/j.cose.2025.104690

Kshitiz Aryal , Maanak Gupta , Mahmoud Abdelsalam , Moustafa Saleh

{"title":"针对windows PE恶意软件文件的对抗性规避攻击的段内代码洞注入","authors":"Kshitiz Aryal , Maanak Gupta , Mahmoud Abdelsalam , Moustafa Saleh","doi":"10.1016/j.cose.2025.104690","DOIUrl":null,"url":null,"abstract":"<div><div>Windows malware is predominantly available in cyberspace and is a prime target for deliberate adversarial evasion attacks. Although researchers have investigated the adversarial malware attack problem, a multitude of important questions remain unanswered, including (a) Are the existing techniques to inject adversarial perturbations in Windows Portable Executable (PE) malware files effective enough for evasion purposes?; (b) Does the attack process preserve the original behavior of malware?; (c) Are there unexplored approaches/locations that can be used to carry out adversarial evasion attacks on Windows PE malware?; and (d) What are the optimal locations and sizes of adversarial perturbations required to evade an ML-based malware detector without significant structural change in the PE file? To answer some of these questions, this work proposes a novel approach that injects a code cave within the section (i.e., intra-section) of Windows PE malware files to make space for adversarial perturbations. Additionally, a code loader is injected into the PE file, which reverses the effects of adversarial malware during execution, preserving the malware’s functionality and executability. To understand the effectiveness of our approach, we inject adversarial perturbations inside the <span>.text</span>, <span>.data</span> and <span>.rdata</span> sections, generated using the gradient descent and Fast Gradient Sign Method (FGSM) to target the two popular CNN-based malware detectors, MalConv and MalConv2. Our experimental analysis yielded impressive results, achieving an evasion rate of 92.31% with gradient descent and 96.26% with FGSM when targeting MalConv, as compared to the evasion rate of 16.17% for append attacks. Similarly, in the case of an attack against MalConv2, our approach achieves a remarkable maximum evasion rate of 97.93% with gradient descent and 94.34% with FGSM, significantly surpassing the 4.01% and 54.75% evasion rates observed with append attacks.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"159 ","pages":"Article 104690"},"PeriodicalIF":5.4000,"publicationDate":"2025-10-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Intra-section code cave injection for adversarial evasion attacks on windows PE malware file\",\"authors\":\"Kshitiz Aryal , Maanak Gupta , Mahmoud Abdelsalam , Moustafa Saleh\",\"doi\":\"10.1016/j.cose.2025.104690\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Windows malware is predominantly available in cyberspace and is a prime target for deliberate adversarial evasion attacks. Although researchers have investigated the adversarial malware attack problem, a multitude of important questions remain unanswered, including (a) Are the existing techniques to inject adversarial perturbations in Windows Portable Executable (PE) malware files effective enough for evasion purposes?; (b) Does the attack process preserve the original behavior of malware?; (c) Are there unexplored approaches/locations that can be used to carry out adversarial evasion attacks on Windows PE malware?; and (d) What are the optimal locations and sizes of adversarial perturbations required to evade an ML-based malware detector without significant structural change in the PE file? To answer some of these questions, this work proposes a novel approach that injects a code cave within the section (i.e., intra-section) of Windows PE malware files to make space for adversarial perturbations. Additionally, a code loader is injected into the PE file, which reverses the effects of adversarial malware during execution, preserving the malware’s functionality and executability. To understand the effectiveness of our approach, we inject adversarial perturbations inside the <span>.text</span>, <span>.data</span> and <span>.rdata</span> sections, generated using the gradient descent and Fast Gradient Sign Method (FGSM) to target the two popular CNN-based malware detectors, MalConv and MalConv2. Our experimental analysis yielded impressive results, achieving an evasion rate of 92.31% with gradient descent and 96.26% with FGSM when targeting MalConv, as compared to the evasion rate of 16.17% for append attacks. Similarly, in the case of an attack against MalConv2, our approach achieves a remarkable maximum evasion rate of 97.93% with gradient descent and 94.34% with FGSM, significantly surpassing the 4.01% and 54.75% evasion rates observed with append attacks.</div></div>\",\"PeriodicalId\":51004,\"journal\":{\"name\":\"Computers & Security\",\"volume\":\"159 \",\"pages\":\"Article 104690\"},\"PeriodicalIF\":5.4000,\"publicationDate\":\"2025-10-04\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computers & Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0167404825003797\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404825003797","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

Windows恶意软件主要存在于网络空间，是蓄意对抗性规避攻击的主要目标。虽然研究人员已经调查了对抗性恶意软件攻击问题，但许多重要的问题仍然没有得到回答，包括(a)现有的在Windows可移植可执行（PE）恶意软件文件中注入对抗性扰动的技术是否足以有效地逃避目的？(b)攻击过程是否保留了恶意软件的原始行为？(c)是否有未开发的方法/位置可用于对Windows PE恶意软件进行对抗性规避攻击？(d)在PE文件中没有重大结构变化的情况下，规避基于ml的恶意软件检测器所需的对抗性扰动的最佳位置和大小是什么？为了回答其中的一些问题，这项工作提出了一种新的方法，即在Windows PE恶意软件文件的部分（即部分内）注入代码洞，为对抗性扰动腾出空间。此外，在PE文件中注入一个代码加载器，它在执行期间逆转了对抗性恶意软件的影响，保留了恶意软件的功能和可执行性。为了理解我们方法的有效性，我们将对抗性扰动注入。文本。数据和。使用梯度下降和快速梯度符号方法（FGSM）生成的rdata部分，针对两种流行的基于cnn的恶意软件检测器MalConv和MalConv2。我们的实验分析产生了令人印象深刻的结果，在针对MalConv的攻击中，梯度下降攻击的逃避率为92.31%，FGSM攻击的逃避率为96.26%，而附加攻击的逃避率为16.17%。同样，在针对MalConv2的攻击中，我们的方法在梯度下降和FGSM下的最大逃避率分别达到了97.93%和94.34%，显著超过了附加攻击的4.01%和54.75%。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Intra-section code cave injection for adversarial evasion attacks on windows PE malware file

Windows malware is predominantly available in cyberspace and is a prime target for deliberate adversarial evasion attacks. Although researchers have investigated the adversarial malware attack problem, a multitude of important questions remain unanswered, including (a) Are the existing techniques to inject adversarial perturbations in Windows Portable Executable (PE) malware files effective enough for evasion purposes?; (b) Does the attack process preserve the original behavior of malware?; (c) Are there unexplored approaches/locations that can be used to carry out adversarial evasion attacks on Windows PE malware?; and (d) What are the optimal locations and sizes of adversarial perturbations required to evade an ML-based malware detector without significant structural change in the PE file? To answer some of these questions, this work proposes a novel approach that injects a code cave within the section (i.e., intra-section) of Windows PE malware files to make space for adversarial perturbations. Additionally, a code loader is injected into the PE file, which reverses the effects of adversarial malware during execution, preserving the malware’s functionality and executability. To understand the effectiveness of our approach, we inject adversarial perturbations inside the .text, .data and .rdata sections, generated using the gradient descent and Fast Gradient Sign Method (FGSM) to target the two popular CNN-based malware detectors, MalConv and MalConv2. Our experimental analysis yielded impressive results, achieving an evasion rate of 92.31% with gradient descent and 96.26% with FGSM when targeting MalConv, as compared to the evasion rate of 16.17% for append attacks. Similarly, in the case of an attack against MalConv2, our approach achieves a remarkable maximum evasion rate of 97.93% with gradient descent and 94.34% with FGSM, significantly surpassing the 4.01% and 54.75% evasion rates observed with append attacks.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.