Learn2Evade: Learning-Based Generative Model for Evading PDF Malware Classifiers

Bae, Ho; Lee, Younghan; Kim, Young S.; Hwang, Uiwon; Yoon, Sungroh; Paek, Yunheung

doi:10.1109/tai.2021.3103139

Cited by 9 publications

(7 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Set loss function using equation (4) (17) end for (18) Exert Adam optimizer to optimize parameter Q (19) end if (20) Every U step reset θ − � θ (21) if done then (22) break (23) end if (24) end for (25) if episode mod TEST_INTERVAL �� 0 then (26) Run Testing Algorithm and record evasion rate ER (27) Store Q and Q * to a new model M (28) end if (29) end for ALGORITHM 1: Training algorithm.…”

Section: Experiments A: Performance Analysis For Policy Improvement T...mentioning

confidence: 99%

“…Dang et al [19] presented a method named EvadeHC using the mountain climbing algorithm, which was claimed to be more time-efficient while preserving a high evasion rate. Recent studies done by Bae et al [20] and Li et al [21] applied generative adversarial network (GAN) to bypass detectors and achieved better performance than previous techniques.…”

Section: Introductionmentioning

confidence: 99%

“…Despite the remarkable success of the aforementioned researches, it has been noted that both EvadeML and EvadeHC have deficiencies that the stochastic manipulations they applied may be highly computationally demanding [20]. And conceivably, random mutations (i.e., inserting, deleting, and replacing) [18] to the structure make it challenging to maintain the maliciousness of the original files.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

EvadeRL: Evading PDF Malware Classifiers with Deep Reinforcement Learning

Mao

Fang

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

With the growing popularity of information digitization and the advancement of executable file detection technology, PDF has emerged as an important carrier of malicious documents. Despite the improved efficacy of machine learning-based classifiers in detecting PDF malware, adversaries have proposed a variety of countermeasures to evade detection, such as generating adversarial examples. In contrast to other peer works attempting to expose the vulnerability of learning-based detection models, this work addresses the deficiencies of existing research by pointing out that the stochastic manipulations they applied may be highly computationally demanding. This work proposed EvadeRL, a general framework for automatically generating adversarial examples based on double deep Q-Network. The details of EvadeRL are briefly described as follows. First, the EvadeRL agent chooses a series of actions to modify the given PDF files and uses the classification results, as well as observations returning from the environment, to calculate the approximate value of each action. Second, through the interaction of the agent and the environment, the experiences gained are stored to train the decision network. Finally, the agent can generate adversarial examples against the target detector by taking the optimal behaviors after training. This study also contributes to the sustainability of evasion attacks by online fine-tuning; to the best of our current knowledge, this is the first study in the field that focuses on evolving malware. The experiments reveal that EvadeRL obtains a high evasion rate against PDF malware detectors and outperforms other approaches in terms of execution cost, robustness against hardened detectors, and sustainability against evolving malware and detectors.

show abstract

Section: Experiments A: Performance Analysis For Policy Improvement T...mentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

EvadeRL: Evading PDF Malware Classifiers with Deep Reinforcement Learning

Mao

Fang

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…Similar methods that utilize Learning-Based Generative Model for PDF files [16], Concept Drift Detection with Sequential Deep Learning (CDS SDL) for batch malwares [17], Fuzzified Features with Boosted Fuzzy Random Forest (FBRF) [18], and RNN for visualization of malwares [19] are discussed by researchers. These models aim at improving inter-class feature variance via rigorous analysis of extracted features in order to identify malwarespecific models that can be deployed for on-field use cases.…”

Section: Literature Reviewmentioning

confidence: 99%

ACMFNN: Design of an augmented convolutional model for intelligent cross-domain malware localization via forensic neural networks

Pateriya

Tomar

2022

Preprint

View full text Add to dashboard Cite

Classification of malwares from spatial & temporal data patterns requires efficient design of deep learning models. These models deploy methods for feature extraction, feature selection, classification & post-processing to perform this task. A wide variety of high-efficiency malware analysis models are proposed by researchers, and most of them are application-specific, thus cannot be scaled to multiple domains. Out of these, only a few of these models are targeted towards identification of malware locations. In order to improve malware detection scalability, and localization performance, this text proposes a novel augmented convolutional model (ACM) for intelligent cross-domain malware analysis via forensic neural networks (FNNs). The FNNs are designed as an integration of multiple augmented convolutional models, which include different optimizers & feature extraction units. In this design, each of these units are customized to improve their feature extraction & selection capabilities, which assists in improving classification performance. Results of classification are given to an ACM layer, which performs feature augmentation to localize malware positions in input data. The proposed model was evaluated on multiple malware datasets, including Electro RAT, Pegasus, SkyGoFree, Viking Horde, Bat Skull, Yesmile, Wirenet, Jigsaw, Satana, Tapaoux, etc. It was observed that the proposed model was able to classify these malwares with an average accuracy of 98.5%, which makes it useful for real-time malware analysis. The model was also able to achieve an average localization accuracy of 79.6% across these datasets, thereby assisting forensic experts to obtain an approximate estimate of malware locations in input data streams. This performance was compared with some of the recently proposed malware detection models, and it was observed that the proposed ACMFNN method has 8% better precision, 6.5% better recall, and 9.4% better classification accuracy when compared with these methods on the same dataset. Due to augmented convolutional model, it was observed that the proposed approach had 15% better localization accuracy, 19% better localization precision, and 14% better localization recall when compared with these methods. Thereby indicating that the propose model is applicable for a wide variety of malware detection & localization application deployments.

show abstract

“…In the last few years, several attempts have been made to develop a classifier with the malware feature. Data mining and ML methods are utilized for developing smart malware classification and detection techniques [9]. The Deep neural network (DNN) has attained considerable achievement in various applications, particularly in computer vision.…”

Section: Introductionmentioning

confidence: 99%

Optimal Deep Belief Network Enabled Malware Detection and Classification Model

Chandran¹,

Rajini²,

Jeyakarthic³

2023

Intelligent Automation &Amp; Soft Computing

View full text Add to dashboard Cite

Cybercrime has increased considerably in recent times by creating new methods of stealing, changing, and destroying data in daily lives. Portable Document Format (PDF) has been traditionally utilized as a popular way of spreading malware. The recent advances of machine learning (ML) and deep learning (DL) models are utilized to detect and classify malware. With this motivation, this study focuses on the design of mayfly optimization with a deep belief network for PDF malware detection and classification (MFODBN-MDC) technique. The major intention of the MFODBN-MDC technique is for identifying and classifying the presence of malware exist in the PDFs. The proposed MFODBN-MDC method derives a new MFO algorithm for the optimal selection of feature subsets. In addition, Adamax optimizer with the DBN model is used for PDF malware detection and classification. The design of the MFO algorithm to select features and Adamax based hyperparameter tuning for PDF malware detection and classification demonstrates the novelty of the work. For demonstrating the improved outcomes of the MFODBN-MDC model, a wide range of simulations are executed, and the results are assessed in various aspects. The comparison study highlighted the enhanced outcomes of the MFODBN-MDC model over the existing techniques with maximum precision, recall, and F1 score of 97.42%, 97.33%, and 97.33%, respectively.

show abstract

Learn2Evade: Learning-Based Generative Model for Evading PDF Malware Classifiers

Cited by 9 publications

References 22 publications

EvadeRL: Evading PDF Malware Classifiers with Deep Reinforcement Learning

EvadeRL: Evading PDF Malware Classifiers with Deep Reinforcement Learning

ACMFNN: Design of an augmented convolutional model for intelligent cross-domain malware localization via forensic neural networks

Optimal Deep Belief Network Enabled Malware Detection and Classification Model

Contact Info

Product

Resources

About