Adversarial Deep Learning for Robust Detection of Binary Encoded Malware

Al-Dujaili, Abdullah; Huang, Alex; Hemberg, Erik; O’Reilly, Una-May

doi:10.1109/spw.2018.00020

Cited by 137 publications

(126 citation statements)

References 24 publications

Supporting

Mentioning

112

Contrasting

Order By: Relevance

“…In [1], methods are introduced that are capable of generating functionally preserved adversarial malware examples in the binary domain. Using the saddle-point formulation, they incorporate the adversarial examples into the training of models that are robust to them.…”

Section: Adversarial Malwarementioning

confidence: 99%

“…We follow the notation in [1]. The data distribution D contains tuples of binary representations of executable files and their corresponding labels.…”

Section: Context 31 Notation and Saddle-point Formulationmentioning

confidence: 99%

“…As outlined in [1], following [16], the samples obtained via (2) need to be incorporated into the training process, given by (1), to harden the model. The resulting problem becomes:…”

Section: Context 31 Notation and Saddle-point Formulationmentioning

confidence: 99%

“…Any small perturbation of a given sample in the continuous space yields a valid data point, and numerous methods of finding minimal changes that fool classifiers have been proposed [9]. It is shown in [1] that these methods can be used to train a robust malware classifier, i.e., a malware detector that is hard to evade. In most cyber security applications, however, and in particular in malware classification, the feature space frequently contains discrete features.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

The Robust Malware Detection Challenge and Greedy Random Accelerated Multi-Bit Search

Verwer

Nadeem

Hammerschmidt

et al. 2020

Proceedings of the 13th ACM Workshop on Artificial Intelligence and Security

Self Cite

View full text Add to dashboard Cite

Training classifiers that are robust against adversarially modified examples is becoming increasingly important in practice. In the field of malware detection, adversaries modify malicious binary files to seem benign while preserving their malicious behavior. We report on the results of a recently held robust malware detection challenge. There were two tracks in which teams could participate: the attack track asked for adversarially modified malware samples and the defend track asked for trained neural network classifiers that are robust to such modifications. The teams were unaware of the attacks/defenses they had to detect/evade. Although only 9 teams participated, this unique setting allowed us to make several interesting observations. We also present the challenge winner: GRAMS, a family of novel techniques to train adversarially robust networks that preserve the intended (malicious) functionality and yield high-quality adversarial samples. These samples are used to iteratively train a robust classifier. We show that our techniques, based on discrete optimization techniques, beat purely gradient-based methods. GRAMS obtained first place in both the attack and defend tracks of the competition. CCS CONCEPTS • Security and privacy → Malware and its mitigation; • Computing methodologies → Adversarial learning; Neural networks; Discrete space search; Randomized search.

show abstract

Section: Adversarial Malwarementioning

confidence: 99%

“…We follow the notation in [1]. The data distribution D contains tuples of binary representations of executable files and their corresponding labels.…”

Section: Context 31 Notation and Saddle-point Formulationmentioning

confidence: 99%

“…As outlined in [1], following [16], the samples obtained via (2) need to be incorporated into the training process, given by (1), to harden the model. The resulting problem becomes:…”

Section: Context 31 Notation and Saddle-point Formulationmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

The Robust Malware Detection Challenge and Greedy Random Accelerated Multi-Bit Search

Verwer

Nadeem

Hammerschmidt

et al. 2020

Proceedings of the 13th ACM Workshop on Artificial Intelligence and Security

Self Cite

View full text Add to dashboard Cite

show abstract

“…Many of the studies on malware classification stem from the Microsoft 2015 Kaggle competition [9], in which deep learning methods based on the visual feature of malware obtained an accuracy of 99.8%. Yet deep learning-based methods suffer from several problems including (i) the complexity of the model structure prevents interpretability and explainability, (ii) the features extracted (especially visual feature) consume too much memory and their validity remains vague, (iii) the model can be attacked by gradient based adversarial methods as in image classification tasks [10]- [12]. Recently, fuzzy theory has been incorporated into deep learning system to provide interpretability and robustness [13]- [16].…”

Section: Introductionmentioning

confidence: 99%

Large-Scale Malicious Software Classification With Fuzzified Features and Boosted Fuzzy Random Forest

Wang

Liew

et al. 2021

IEEE Trans. Fuzzy Syst.

View full text Add to dashboard Cite

Classification of malicious software, especially in a very large dataset, is a challenging task for machine intelligence. Malware can have highly diversified features, each of which has highly heterogeneous distributions. These factors increase the difficulties for traditional data analytic approaches to deal with them. Although deep learning-based methods have reported good classification performance, the deep models usually lack interpretability and are fragile under adversarial attacks. To solve these problems, fuzzy systems have become a competitive candidate in malware analysis. In this paper, a new fuzzy-based approach is proposed for malware classification. We focused on portable executable files in the Windows platform and analyzed the distributions of static features and content-oriented features. Fuzzification was used to reduce the ubiquitous impact of noise and outliers in a very large dataset. Finally, a novel boosted classifier consisted of fuzzy decision trees and support vector machine is proposed to perform the malware classification. By using fuzzy decision trees, the inner structure of the classifier can be readily interpreted as discriminative rules, while the novel boosting strategy provides state-of-the-art classification performance. Extensive experimental results showed that our method significantly outperformed several state-of-the-art classifiers.

show abstract

On Effectiveness of Adversarial Examples and Defenses for Malware Classification

Takabi

2019

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

View full text Add to dashboard Cite

Artificial neural networks have been successfully used for many different classification tasks including malware detection and distinguishing between malicious and non-malicious programs. Although artificial neural networks perform very well on these tasks, they are also vulnerable to adversarial examples. An adversarial example is a sample that has minor modifications made to it so that the neural network misclassifies it. Many techniques have been proposed, both for crafting adversarial examples and for hardening neural networks against them. Most previous work has been done in the image domain. Some of the attacks have been adopted to work in the malware domain which typically deals with binary feature vectors. In order to better understand the space of adversarial examples in malware classification, we study different approaches of crafting adversarial examples and defense techniques in the malware domain and compare their effectiveness on multiple datasets.

show abstract

Adversarial Deep Learning for Robust Detection of Binary Encoded Malware

Cited by 137 publications

References 24 publications

The Robust Malware Detection Challenge and Greedy Random Accelerated Multi-Bit Search

The Robust Malware Detection Challenge and Greedy Random Accelerated Multi-Bit Search

Large-Scale Malicious Software Classification With Fuzzified Features and Boosted Fuzzy Random Forest

On Effectiveness of Adversarial Examples and Defenses for Malware Classification

Contact Info

Product

Resources

About