Generating Adversarial Malware Examples for Black-Box Attacks Based on GAN

Hu, Weiwei; Ying, Tan

doi:10.48550/arxiv.1702.05983

Cited by 127 publications

(135 citation statements)

References 4 publications

Supporting

Mentioning

135

Contrasting

Order By: Relevance

“…One of the primary factors that determines a good adversarial example generation algorithm is the types of modifications it makes to input executables [9]. Each of the two frameworks we are testing have a distinct set of these actions they can take on a given sample in an attempt to transform it into an evasive one.…”

Section: Modificationsmentioning

confidence: 99%

“…This machine learning oriented approach offers several key benefits over traditional methods like a purely signature-based comparison over a database of known samples. For one, bad faith actors do not typically have knowledge of the training techniques or parameters of the machine learning model used in commercial antivirus software, forcing them to perform black-box attacks and so making it more difficult for them to exploit the algorithm with the aim of causing a misclassification [9]. Furthermore, machine learning models function by extracting features such as instruction sequences and section names from input data and comparing them to the same features found in known malware samples [10].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Dissecting Malware in the Wild

Spencer¹,

Wang²,

Sun³

et al. 2021

Preprint

View full text Add to dashboard Cite

With the increasingly rapid development of new malicious computer software by bad faith actors, both commercial and researchoriented antivirus detectors have come to make greater use of machine learning tactics to identify such malware as harmful before end users are exposed to their effects. This, in turn, has spurred the development of tools that allow for known malware to be manipulated such that they can evade being classified as dangerous by these machine learning-based detectors, while retaining their malicious functionality. These manipulations function by applying a set of changes that can be made to Windows programs that result in a different file structure and signature without altering the software's capabilities. Various proposals have been made for the most effective way of applying these alterations to input malware to deceive static malware detectors; the purpose of this research is to examine these proposals and test their implementations to determine which tactics tend to generate the most successful attacks.

show abstract

Section: Modificationsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Dissecting Malware in the Wild

Spencer¹,

Wang²,

Sun³

et al. 2021

Preprint

View full text Add to dashboard Cite

show abstract

“…Consequently, strategically modifying features of a malware binary can modify their signature without altering their malicious functionality. Feature modification techniques first transform or embed the bytes of the malware binary into a latent feature space and then modify those features [24]. However, it must be noted that it is non-trivial to reverse transform the modified features into their byte-level equivalents to get the modified binary.…”

Section: Introductionmentioning

confidence: 99%

“…Fang et al [18] proposed another reinforcement learning technique called AC3Mal to determine a rule or policy that converts malware to adversarial by performing different actions on a binary [2] such as appending bytes, sections, or libraries, removing sections, and modifying the binary's signature certificate, to modify the features of the binary and make it evasive while preserving its functionality. Authors have also pro-posed generative adversarial networks (GANs) [24], enhanced with Monte Carlo Tree Search [44] to generate adversarial malware by modifying features of the binary.…”

Section: Introductionmentioning

confidence: 99%

A Comparison of State-of-the-Art Techniques for Generating Adversarial Malware Binaries

Dasgupta¹,

Osman²

2021

Preprint

View full text Add to dashboard Cite

We consider the problem of generating adversarial malware by a cyber-attacker where the attacker's task is to strategically modify certain bytes within existing binary malware files, so that the modified files are able to evade a malware detector such as machine learning-based malware classifier. We have evaluated three recent adversarial malware generation techniques using binary malware samples drawn from a single, publicly available malware data set and compared their performances for evading a machine-learning based malware classifier called Mal-Conv. Our results show that among the compared techniques, the most effective technique is the one that strategically modifies bytes in a binary's header. We conclude by discussing the lessons learned and future research directions on the topic of adversarial malware generation.

show abstract

“…Indeed, currently all commercial malware detectors use machine learning. However, one shortcoming of current static malware detectors is that they can be easily evaded by changing a malware trivially without changing the core of the malware [1]- [10]. Fundamentally, the adversarial attacks use one simple technique: add or modify selected content to the malware.…”

Section: Introductionmentioning

confidence: 99%

MALIGN: Adversarially Robust Malware Family Detection using Sequence Alignment

Saha¹,

Afroz²,

Rahman³

2021

Preprint

View full text Add to dashboard Cite

We propose MALIGN, a novel malware family detection approach inspired by genome sequence alignment. MALIGN encodes malware using four nucleotides and then uses genome sequence alignment approaches to create a signature of a malware family based on the code fragments conserved in the family making it robust to evasion by modification and addition of content. Moreover, unlike previous approaches based on sequence alignment, our method uses a multiple wholegenome alignment tool that protects against adversarial attacks such as code insertion, deletion or modification. Our approach outperforms state-of-the-art machine learning based malware detectors and demonstrates robustness against trivial adversarial attacks. MALIGN also helps identify the techniques malware authors use to evade detection.

show abstract

Generating Adversarial Malware Examples for Black-Box Attacks Based on GAN

Cited by 127 publications

References 4 publications

Dissecting Malware in the Wild

Dissecting Malware in the Wild

A Comparison of State-of-the-Art Techniques for Generating Adversarial Malware Binaries

MALIGN: Adversarially Robust Malware Family Detection using Sequence Alignment

Contact Info

Product

Resources

About