Generating Adversarial Malware Examples for Black-Box Attacks Based on GAN

Hu, Weiwei; Ying, Tan

doi:10.1007/978-981-19-8991-9_29

Cited by 80 publications

(42 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…However, these techniques are ineffective for higher-level representations such as those based on API calls. For this purpose, many works insert additional API calls in feature space to add noise in the representation and evade the detection systems [170][171][172][173][174][175][176]. In other works, reinforcement learning (RL) is leveraged to manipulate the original malware in order to evade detection while maintaining a correct format and semantic [177][178][179].…”

Section: Adversarial Attacks and Malware Detectionmentioning

confidence: 99%

A Survey on Malware Detection with Graph Representation Learning

Bilot¹,

Madhoun²,

Agha³

et al. 2023

Preprint

View full text Add to dashboard Cite

Malware detection has become a major concern due to the increasing number and complexity of malware. Traditional detection methods based on signatures and heuristics are used for malware detection, but unfortunately, they suffer from poor generalization to unknown attacks and can be easily circumvented using obfuscation techniques. In recent years, Machine Learning (ML) and notably Deep Learning (DL) achieved impressive results in malware detection by learning useful representations from data and have become a solution preferred over traditional methods. More recently, the application of such techniques on graph-structured data has achieved state-of-the-art performance in various domains and demonstrates promising results in learning more robust representations from malware. Yet, no literature review focusing on graph-based deep learning for malware detection exists. In this survey, we provide an in-depth literature review to summarize and unify existing works under the common approaches and architectures. We notably demonstrate that Graph Neural Networks (GNNs) reach competitive results in learning robust embeddings from malware represented as expressive graph structures, leading to an efficient detection by downstream classifiers. This paper also reviews adversarial attacks that are utilized to fool graph-based detection methods. Challenges and future research directions are discussed at the end of the paper. CCS Concepts: • General and reference → Surveys and overviews; • Security and privacy → Malware and its mitigation; • Computing methodologies → Learning latent representations; Neural networks; Spectral methods.

show abstract

Section: Adversarial Attacks and Malware Detectionmentioning

confidence: 99%

A Survey on Malware Detection with Graph Representation Learning

Bilot¹,

Madhoun²,

Agha³

et al. 2023

Preprint

View full text Add to dashboard Cite

show abstract

“…The idea of generating fake features for obfuscation and adversarial attacks on malware systems is not new. For example, Hu et al [22] and Kawai et al [27] proposed MalGAN to bypass black-box machine learning based detection models. MalGAN uses the output of a black-box model and employs GAN to generate fake samples.…”

Section: Related Workmentioning

confidence: 99%

“…StyleGAN was also used to create the trending website "thispersondoesnotexist.com". MalGAN is a GAN technique that was designed specifically to deal with malware images [22,27]. In this paper, we consider the utility of GANs for adversarial attacks on image-based malware systems.…”

Section: Introductionmentioning

confidence: 99%

Generative adversarial networks and image-based malware classification

Nguyễn

Troia

Ishigaki

et al. 2023

J Comput Virol Hack Tech

View full text Add to dashboard Cite

For efficient malware removal, determination of malware threat levels, and damage estimation, malware family classification plays a critical role. In this paper, we extract features from malware executable files and represent them as images using various approaches. We then focus on generative adversarial networks (GAN) for multiclass classification and compare our GAN results to other popular machine learning techniques, including support vector machine (SVM), XGBoost, and restricted Boltzmann machines (RBM). We find that the AC-GAN discriminator is generally competitive with other machine learning techniques. We also evaluate the utility of the GAN generative model for adversarial attacks on image-based malware detection. While AC-GAN generated images are visually impressive, we find that they are easily distinguished from real malware images using any of several learning techniques. This result indicates that our GAN generated images are of surprisingly little value in adversarial attacks.

show abstract

“…The featurespace of Windows payload files is not fixed and can take various forms of feature engineering. This characteristic almost makes the payload feature-space impracticable to discover an approximate or exact function that is differentiable [8][9][10][11][12][13]. Initial observations from literature [5,8,9,[12][13][14][15][16], point out that code transformation actions such as; appending semantic nop no instructions, insertion of jump instructions and replace existing instructions, when applied on a software or an execuatble file can obfuscate the file against pirating or lower the file's true positive rate.…”

Section: Introductionmentioning

confidence: 99%

“…This characteristic almost makes the payload feature-space impracticable to discover an approximate or exact function that is differentiable [8][9][10][11][12][13]. Initial observations from literature [5,8,9,[12][13][14][15][16], point out that code transformation actions such as; appending semantic nop no instructions, insertion of jump instructions and replace existing instructions, when applied on a software or an execuatble file can obfuscate the file against pirating or lower the file's true positive rate. In this work, we enhanced these aforementioned code transformation actions with Dynamic Programming based search method-a reinforcement learning algorithm, to increase their evasive potency against static malware scanners whiles satisfying the behavior preserving criteria.…”

Section: Introductionmentioning

confidence: 99%

Dynamic Programming-based Adversarial Windows Payload Generator

Kingful,

Ahene,

Appiah

et al. 2023

Preprint

View full text Add to dashboard Cite

This work presents a behavior preserving Adversarial payload framework against static Windows malware scanners.The framework uses Dynamic Programming to decide on the sequence of static code transformation actions to transform a Windows payload to its adversarial state. In an empirical evaluation with Windows payloads from Metasploit Framework in a black-box settings, static machine learning based and majority of commercial antivirus scanners can still be evaded by these transformations. The potency of these generated Adversarial payload capable of breaching commercial antivirus on users’ devices was demonstrated. The experimental results show a generated Adversarial Backdoor Trojan evade static and also evade its offline dynamic detector and establish a backdoor on the users’ device.

show abstract

Generating Adversarial Malware Examples for Black-Box Attacks Based on GAN

Cited by 80 publications

References 6 publications

A Survey on Malware Detection with Graph Representation Learning

A Survey on Malware Detection with Graph Representation Learning

Generative adversarial networks and image-based malware classification

Dynamic Programming-based Adversarial Windows Payload Generator

Contact Info

Product

Resources

About