Adversarial Malware Binaries: Evading Deep Learning for Malware Detection in Executables

Kolosnjaji, Bojan; Demontis, Ambra; Biggio, Battista; Maiorca, Davide; Giacinto, Giorgio; Eckert, Claudia; Roli, Fabio

doi:10.23919/eusipco.2018.8553214

Cited by 244 publications

(208 citation statements)

References 18 publications

Supporting

Mentioning

202

Contrasting

Order By: Relevance

“…On this dataset, we use the pretrained MalConv model released with the dataset. In addition, we also created a smaller dataset whose size and distribution is more in line with Kolosnjaji et al's evaluation [8], which we refer to as the Mini dataset. The Mini dataset was created by sampling 4,000 goodware and 4,598 malware samples from the Full dataset.…”

Section: Datasetsmentioning

confidence: 99%

“…Second, limited availability of representative datasets or robust public models limits the generality of existing studies. Existing attacks [8], [9] use victim models trained on very small datasets, and make various assumptions regarding their strategies. Therefore, the generalization effectiveness across production-scale models and the trade-offs between various proposed strategies is yet to be evaluated.…”

Section: Introductionmentioning

confidence: 99%

“…• We measure the generalization property of adversarial attacks across datasets, highlighting common properties and trade-offs between various strategies. • We unearth an architectural weakness of a published CNN architecture that facilitates existing attack strategies [8], [9]. • We investigate the transferability of single-step adversarial examples across models trained on different datasets.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Exploring Adversarial Examples in Malware Detection

Suciu

Coull

Johns

2019

2019 IEEE Security and Privacy Workshops (SPW)

149

131

View full text Add to dashboard Cite

The convolutional neural network (CNN) architecture is increasingly being applied to new domains, such as malware detection, where it is able to learn malicious behavior from raw bytes extracted from executables. These architectures reach impressive performance with no feature engineering effort involved, but their robustness against active attackers is yet to be understood. Such malware detectors could face a new attack vector in the form of adversarial interference with the classification model. Existing evasion attacks intended to cause misclassification on test-time instances, which have been extensively studied for image classifiers, are not applicable because of the input semantics that prevents arbitrary changes to the binaries. This paper explores the area of adversarial examples for malware detection. By training an existing model on a production-scale dataset, we show that some previous attacks are less effective than initially reported, while simultaneously highlighting architectural weaknesses that facilitate new attack strategies for malware classification. Finally, we explore how generalizable different attack strategies are, the trade-offs when aiming to increase their effectiveness, and the transferability of single-step attacks.

show abstract

Section: Datasetsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Exploring Adversarial Examples in Malware Detection

Suciu

Coull

Johns

2019

2019 IEEE Security and Privacy Workshops (SPW)

149

131

View full text Add to dashboard Cite

show abstract

“…Kolosnjaji et al () have investigated the vulnerability of malware detection methods. They have used deep neural networks to learn from raw bytes of binaries.…”

Section: Adversarial Attacksmentioning

confidence: 99%

“…One of the challenges in developing such models are intelligent adversaries who are actively trying to evade them by perturbing the trained model (Grosse, Papernot, Manoharan, Backes, & McDaniel, 2017). Kolosnjaji et al (2018) have investigated the vulnerability of malware detection methods. They have used deep neural networks to learn from raw bytes of binaries.…”

Section: Adversarial Attacksmentioning

confidence: 99%

Machine learning in cybersecurity: A review

Handa

Sharma

Shukla

2019

WIREs Data Min & Knowl

View full text Add to dashboard Cite

Machine learning technology has become mainstream in a large number of domains, and cybersecurity applications of machine learning techniques are plenty. Examples include malware analysis, especially for zero‐day malware detection, threat analysis, anomaly based intrusion detection of prevalent attacks on critical infrastructures, and many others. Due to the ineffectiveness of signature‐based methods in detecting zero day attacks or even slight variants of known attacks, machine learning‐based detection is being used by researchers in many cybersecurity products. In this review, we discuss several areas of cybersecurity where machine learning is used as a tool. We also provide a few glimpses of adversarial attacks on machine learning algorithms to manipulate training and test data of classifiers, to render such tools ineffective. This article is categorized under: Application Areas > Science and Technology Technologies > Machine Learning Technologies > Classification Application Areas > Data Mining Software Tools

show abstract

Adversarial Examples: Challenges and Solutions

2022

Cybersecurity in Intelligent Networking Systems

View full text Add to dashboard Cite

Adversarial Malware Binaries: Evading Deep Learning for Malware Detection in Executables

Cited by 244 publications

References 18 publications

Exploring Adversarial Examples in Malware Detection

Exploring Adversarial Examples in Malware Detection

Machine learning in cybersecurity: A review

Adversarial Examples: Challenges and Solutions

Contact Info

Product

Resources

About