MAB-Malware: A Reinforcement Learning Framework for Attacking Static Malware Classifiers

Song, Wei; Li, Xuezixiang; Afroz, Sadia; Garg, Deepali; Kuznetsov, Dmitry A.; Yin, Heng

doi:10.48550/arxiv.2003.03100

Cited by 8 publications

(24 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For the same reason, the number of iterations the frameworks can make of crafting an attack and improving the action model based on the classifier's response should be limited to a reasonable number, as it is not realistic for these models to be able to make an unlimited number of attacks in a non-testing environment. Song et al, propose 50 as a reasonable limit on the number of iterations for practical adversarial example generation [6].…”

Section: Frameworkmentioning

confidence: 99%

“…With the increase of mobile applications and Internet of Things technology in daily life, users are beginning to worry about the security and privacy of software [1][2][3][4][5]. Despite improving antivirus technology, malware-related exploits remain one of the biggest security problems in computing today, with over 7.2 billion attacks being reported in 2019 alone [6]. The issue of malicious Windows executables is of particular concern, as thousands of new samples of harmful programs continue to be uploaded to the VirusTotal online file analyzer each day [7].…”

Section: Introductionmentioning

confidence: 99%

“…Another noteworthy paper was a proposal by Song et al, for a reinforcement learning framework for generating adversarial examples for vulnerable classifiers, implemented in another Python library MAB-Malware [6]. It differentiates itself from similar frameworks like secml-malware on several counts.…”

Section: Introductionmentioning

confidence: 99%

“…Other frameworks that choose to treat the problem as a stateful one, where the order of operations is significant, will see a large increase in learning difficulty, as the number of possible action combinations becomes much larger. The other major improvement of MAB-Malware over other models is that when it successfully makes an adversarial attack, any operations that were not necessary for this success are removed prior to points being assigned by the training algorithm [6]. This further reduces learning time and increases productivity, as actions that did not contribute to crafting an adversarial example are no longer rewarded by the model.…”

Section: Introductionmentioning

confidence: 99%

“…On being tested with a set of input malware against the MalConv neural network, MAB-Malware was able to achieve a detection rate of less than 3% within 50 iterations of black box attacks [6]. Of these evasions, the successful adversarial examples were overwhelmingly generated by appending goodware content to the end of the executable, much like the GAMMA attacks in the secml-malware library.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Dissecting Malware in the Wild

Spencer¹,

Wang²,

Sun³

et al. 2021

Preprint

View full text Add to dashboard Cite

With the increasingly rapid development of new malicious computer software by bad faith actors, both commercial and researchoriented antivirus detectors have come to make greater use of machine learning tactics to identify such malware as harmful before end users are exposed to their effects. This, in turn, has spurred the development of tools that allow for known malware to be manipulated such that they can evade being classified as dangerous by these machine learning-based detectors, while retaining their malicious functionality. These manipulations function by applying a set of changes that can be made to Windows programs that result in a different file structure and signature without altering the software's capabilities. Various proposals have been made for the most effective way of applying these alterations to input malware to deceive static malware detectors; the purpose of this research is to examine these proposals and test their implementations to determine which tactics tend to generate the most successful attacks.

show abstract

Section: Frameworkmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Dissecting Malware in the Wild

Spencer¹,

Wang²,

Sun³

et al. 2021

Preprint

View full text Add to dashboard Cite

show abstract

Creating valid adversarial examples of malware

Kozák,

Jureček,

Stamp

et al. 2024

J Comput Virol Hack Tech

View full text Add to dashboard Cite

Because of its world-class results, machine learning (ML) is becoming increasingly popular as a go-to solution for many tasks. As a result, antivirus developers are incorporating ML models into their toolchains. While these models improve malware detection capabilities, they also carry the disadvantage of being susceptible to adversarial attacks. Although this vulnerability has been demonstrated for many models in white-box settings, a black-box scenario is more applicable in practice for the domain of malware detection. We present a method of creating adversarial malware examples using reinforcement learning algorithms. The reinforcement learning agents utilize a set of functionality-preserving modifications, thus creating valid adversarial examples. Using the proximal policy optimization (PPO) algorithm, we achieved an evasion rate of 53.84% against the gradient-boosted decision tree (GBDT) detector. The PPO agent previously trained against the GBDT classifier scored an evasion rate of 11.41% against the neural network-based classifier MalConv and an average evasion rate of 2.31% against top antivirus programs. Furthermore, we discovered that random application of our functionality-preserving portable executable modifications successfully evades leading antivirus engines, with an average evasion rate of 11.65%. These findings indicate that ML-based models used in malware detection systems are sensitive to adversarial attacks and that better safeguards need to be taken to protect these systems.

show abstract

A comparison of adversarial malware generators

Louthánová,

Kozák,

Jureček

et al. 2024

J Comput Virol Hack Tech

View full text Add to dashboard Cite

Machine learning has proven to be a valuable tool for automated malware detection, but machine learning systems have also been shown to be subject to adversarial attacks. This paper summarizes and compares related work on generating adversarial malware samples, specifically malicious Windows Portable Executable files. In contrast with previous research, we not only compare generators of adversarial malware examples theoretically, but we also provide an experimental comparison and evaluation for practical usability. We use gradient-based, evolutionary-based, and reinforcement-based approaches to create adversarial samples, which we test against selected antivirus products. The results show that applying optimized modifications to previously detected malware can lead to incorrect classification of the file as benign. Moreover, generated malicious samples can be effectively employed against detection models other than those used to produce them, and combinations of methods can construct new instances that avoid detection. Based on our findings, the Gym-malware generator, which uses reinforcement learning, has the greatest practical potential. This generator has the fastest average sample production time of 5.73 s and the highest average evasion rate of 44.11%. Using the Gym-malware generator in combination with itself further improved the evasion rate to 58.35%. However, other tested methods scored significantly lower in our experiments than reported in the original publications, highlighting the importance of a standardized evaluation environment.

show abstract

MAB-Malware: A Reinforcement Learning Framework for Attacking Static Malware Classifiers

Cited by 8 publications

References 29 publications

Dissecting Malware in the Wild

Dissecting Malware in the Wild

Creating valid adversarial examples of malware

A comparison of adversarial malware generators

Contact Info

Product

Resources

About