ATWM: Defense against adversarial malware based on adversarial training (2307.05095v1)
Abstract: Deep learning has achieved great results in the image domain. To defend against malware, researchers have proposed many deep-learning-based Windows malware detection models. However, deep learning models are vulnerable to adversarial example attacks: an attacker can generate adversarial malware that keeps the same malicious functionality yet evades the detection model. Many adversarial defense studies have been proposed, but existing ones are based on image samples and cannot be applied directly to malware samples. This paper therefore proposes an adversarial malware defense method based on adversarial training. The method uses preprocessing to defend against simple adversarial examples, which reduces the difficulty of adversarial training, and then improves the adversarial robustness of the model through adversarial training. We experimented with three attack methods on two datasets, and the results show that the proposed method improves the adversarial robustness of the model without reducing its accuracy.