Burning the Adversarial Bridges: Robust Windows Malware Detection Against Binary-level Mutations (2310.03285v1)
Abstract: Toward robust malware detection, we explore the attack surface of existing malware detection systems. We conduct root-cause analyses of the practical binary-level black-box adversarial malware examples. Additionally, we uncover the sensitivity of volatile features within the detection engines and exhibit their exploitability. Highlighting volatile information channels within the software, we introduce three software pre-processing steps to eliminate the attack surface, namely, padding removal, software stripping, and inter-section information resetting. Further, to counter the emerging section injection attacks, we propose a graph-based section-dependent information extraction scheme for software representation. The proposed scheme leverages aggregated information within various sections in the software to enable robust malware detection and mitigate adversarial settings. Our experimental results show that traditional malware detection models are ineffective against adversarial threats. However, the attack surface can be largely reduced by eliminating the volatile information. Therefore, we propose simple-yet-effective methods to mitigate the impacts of binary manipulation attacks. Overall, our graph-based malware detection scheme can accurately detect malware with an area under the curve score of 88.32% and a score of 88.19% under a combination of binary manipulation attacks, exhibiting the efficiency of our proposed scheme.