Adversarial EXEmples: A Survey and Experimental Evaluation of Practical Attacks on Machine Learning for Windows Malware Detection

Demetrio, Luca; Coull, Scott E.; Biggio, Battista; Lagorio, Giovanni; Armando, Alessandro; Roli, Fabio

doi:10.48550/arxiv.2008.07125

Cited by 7 publications

(13 citation statements)

References 14 publications

(58 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [37], Demetrio et al propose a general adversarial attack framework (RAMEn) against PE malware detectors based on two novel functionality-preserving manipulations, namely Extend and Shift, which inject adversarial payloads by extending the DOS header and shifting the content of the first section in PE files, respectively. In fact, the adversarial payload generation can be optimized in both white-box and black-box settings.…”

Section: White-box Adversarial Attacks Against Pe Malware Detectionmentioning

confidence: 99%

“…To make it more stealthy than previous adversarial attacks [35,37,64], Sharif et al propose a new kind of adversarial attacks based on binary diversification techniques which manipulate the instructions of binaries in a fine-grained function level via two kinds of functionality-preserving transformations, i.e., in-place randomization and code displacement [84,123]. In order to guide the transformations that are applied to the PE malware under the white-box setting, they use a gradient ascent optimization to select the transformation only if it shifts its embeddings in a direction similar to the gradient of the attack loss function [14] with respect to its embeddings.…”

Section: White-box Adversarial Attacks Against Pe Malware Detectionmentioning

confidence: 99%

See 1 more Smart Citation

Adversarial Attacks against Windows PE Malware Detection: A Survey of the State-of-the-Art

Ling¹,

Wu²,

Zhang³

et al. 2021

Preprint

View full text Add to dashboard Cite

The malware has been being one of the most damaging threats to computers that span across multiple operating systems and various file formats. To defend against the ever-increasing and ever-evolving threats of malware, tremendous efforts have been made to propose a variety of malware detection methods that attempt to effectively and efficiently detect malware so as to mitigate possible damages as earlier as possible. Recent studies have shown that, one the one hand, existing machine learning (ML) and deep learning (DL) techniques enable the superior detection of newly emerging and previously unseen malware. However, on the other hand, ML and DL models are inherently vulnerable to adversarial attacks in the form of adversarial examples, which are maliciously generated by slightly and carefully perturbing the legitimate inputs to confuse the targeted models. Basically, adversarial attacks are initially extensively studied in the domain of computer vision like image classification, and some quickly expanded to other domains, including natural language processing, audio recognition and even malware detection which is extremely critical to computers.In this paper, we focus on malware with the file format of portable executable (PE) in the family of Windows operating systems, namely Windows PE malware, as a representative case to study the adversarial attack methods in such adversarial settings. To be specific, we start by first outlining the general learning framework of Windows PE malware detection based on ML/DL and subsequently highlighting three unique challenges of performing adversarial attacks in the context of Windows PE malware. We then conduct a comprehensive and systematic review to categorize the state-of-the-art adversarial attacks against PE malware detection, as well as corresponding defenses to increase the robustness of Windows PE malware detection. We conclude the paper by first presenting other related attacks against Windows PE malware detection beyond the adversarial attacks and then shedding light on future research directions and opportunities. In addition, a curated resource list of adversarial attacks and defenses for Windows PE malware detection is also available at https://github.com/ryderling/adversarial-attacks-and-defenses-for-windows-pe-malware-detection. CCS Concepts: • Security and privacy → Intrusion/anomaly detection and malware mitigation; • Theory of computation → Adversarial learning.

show abstract

Section: White-box Adversarial Attacks Against Pe Malware Detectionmentioning

confidence: 99%

Section: White-box Adversarial Attacks Against Pe Malware Detectionmentioning

confidence: 99%

Adversarial Attacks against Windows PE Malware Detection: A Survey of the State-of-the-Art

Ling¹,

Wu²,

Zhang³

et al. 2021

Preprint

View full text Add to dashboard Cite

show abstract

“…Adversarial examples are carefully crafted samples to fool the ML model. Previous work has already illustrated how a clever attacker can augment the correctly classified malware with malicious components to cause the ML model to misclassify it [15,16,8,28]. These attacks mostly inject malicious components to the non-reachable parts of the malware, such as padding bytes to the end of the malware or injecting malicious payload to the malware's DOS header.…”

Section: Future Directionmentioning

confidence: 99%

A Survey on Common Threats in npm and PyPi Registries

Kaplan

Qian

2021

Preprint

View full text Add to dashboard Cite

Software engineers regularly use JavaScript and Python for both front-end and back-end automation tasks. On top of JavaScript and Python, there are several frameworks to facilitate automation tasks further. Some of these frameworks are Node Manager Package (npm) and Python Package Index (PyPi), which are open source (OS) package libraries. The public registries npm and PyPi use to host packages allow any user with a verified email to publish code. The lack of a comprehensive scanning tool when publishing to the registry creates security concerns. Users can report malicious code on the registry; however, attackers can still cause damage until they remove their tool from the platform. Furthermore, several packages depend on each other, making them more vulnerable to a bad package in the dependency tree. The heavy code reuse creates security artifacts developers have to consider, such as the package reach. This project will illustrate a high-level overview of common risks associated with OS registries and the package dependency structure. There are several attack types, such as typosquatting and combosquatting, in the OS package registries. Outdated packages pose a security risk, and we will examine the extent of technical lag present in the npm environment. In this paper, our main contribution consists of a survey of common threats in OS registries. Afterward, we will offer countermeasures to mitigate the risks presented. These remedies will heavily focus on the applications of Machine Learning (ML) to detect suspicious activities. To the best of our knowledge, the ML-focused countermeasures are the first proposed possible solutions to the security problems listed. In addition, this project is the first survey of threats in npm and PyPi, although several studies focus on a subset of threats.

show abstract

“…A prevalent modification strategy in the literature and previous competitions against learning methods is to add unused content in areas that are not relevant for the functionality of a program [e.g. 15,45]. In particular, adversaries exploit the semantic gap, that is, the discrepancy between extracted features and the actual processed part of a PE file [20].…”

Section: A File Modificationmentioning

confidence: 99%

“…In the context of PE files, an adversary can exploit or create unused areas at multiple locations [15]. As Figure 3 highlights, it is possible to enlarge the DOS header, to fill the slack space at the end of each section, or to append bytes to the overlay, i.e., to the end of the PE file.…”

Section: A File Modificationmentioning

confidence: 99%

Against All Odds: Winning the Defense Challenge in an Evasion Competition with Diversification

Quiring¹,

Pirch²,

Reimsbach³

et al. 2020

Preprint

View full text Add to dashboard Cite

Machine learning-based systems for malware detection operate in a hostile environment. Consequently, adversaries will also target the learning system and use evasion attacks to bypass the detection of malware. In this paper, we outline our learning-based system PEberus that got the first place in the defender challenge of the Microsoft Evasion Competition, resisting a variety of attacks from independent attackers. Our system combines multiple, diverse defenses: we address the semantic gap, use various classification models, and apply a stateful defense. This competition gives us the unique opportunity to examine evasion attacks under a realistic scenario. It also highlights that existing machine learning methods can be hardened against attacks by thoroughly analyzing the attack surface and implementing concepts from adversarial learning. Our defense can serve as an additional baseline in the future to strengthen the research on secure learning 1 .

show abstract

Adversarial EXEmples: A Survey and Experimental Evaluation of Practical Attacks on Machine Learning for Windows Malware Detection

Cited by 7 publications

References 14 publications

Adversarial Attacks against Windows PE Malware Detection: A Survey of the State-of-the-Art

Adversarial Attacks against Windows PE Malware Detection: A Survey of the State-of-the-Art

A Survey on Common Threats in npm and PyPi Registries

Against All Odds: Winning the Defense Challenge in an Evasion Competition with Diversification

Contact Info

Product

Resources

About