Securing Network Traffic Classification Models against Adversarial Examples Using Derived Variables

Adeke, James Msughter; Liu, Guangjie; Zhao, Junjie; Wu, Nannan; Bashir, Hafsat Muhammad

doi:10.3390/fi15120405

Cited by 1 publication

(1 citation statement)

References 56 publications

(58 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As an additional contribution, we evaluated the performance of the adversarial training strategy performed when learning the LGBM model using the realistic adversarial samples produced with the attack methods considered in the study. The adversarial training strategy [4] is commonly considered one of the main defence techniques to resist adversarial attacks [18][19][20][21]. In this evaluation study, we applied the adversarial training strategy by extending the original training set with the adversarial malware files generated with Extend, Full DOS, Shift and FGSM padding + slack.…”

Section: Introductionmentioning

confidence: 99%

Evaluating Realistic Adversarial Attacks against Machine Learning Models for Windows PE Malware Detection

Imran,

Appice,

Malerba

2024

Future Internet

View full text Add to dashboard Cite

During the last decade, the cybersecurity literature has conferred a high-level role to machine learning as a powerful security paradigm to recognise malicious software in modern anti-malware systems. However, a non-negligible limitation of machine learning methods used to train decision models is that adversarial attacks can easily fool them. Adversarial attacks are attack samples produced by carefully manipulating the samples at the test time to violate the model integrity by causing detection mistakes. In this paper, we analyse the performance of five realistic target-based adversarial attacks, namely Extend, Full DOS, Shift, FGSM padding + slack and GAMMA, against two machine learning models, namely MalConv and LGBM, learned to recognise Windows Portable Executable (PE) malware files. Specifically, MalConv is a Convolutional Neural Network (CNN) model learned from the raw bytes of Windows PE files. LGBM is a Gradient-Boosted Decision Tree model that is learned from features extracted through the static analysis of Windows PE files. Notably, the attack methods and machine learning models considered in this study are state-of-the-art methods broadly used in the machine learning literature for Windows PE malware detection tasks. In addition, we explore the effect of accounting for adversarial attacks on securing machine learning models through the adversarial training strategy. Therefore, the main contributions of this article are as follows: (1) We extend existing machine learning studies that commonly consider small datasets to explore the evasion ability of state-of-the-art Windows PE attack methods by increasing the size of the evaluation dataset. (2) To the best of our knowledge, we are the first to carry out an exploratory study to explain how the considered adversarial attack methods change Windows PE malware to fool an effective decision model. (3) We explore the performance of the adversarial training strategy as a means to secure effective decision models against adversarial Windows PE malware files generated with the considered attack methods. Hence, the study explains how GAMMA can actually be considered the most effective evasion method for the performed comparative analysis. On the other hand, the study shows that the adversarial training strategy can actually help in recognising adversarial PE malware generated with GAMMA by also explaining how it changes model decisions.

show abstract

Section: Introductionmentioning

confidence: 99%