
Explainability Guided Adversarial Evasion Attacks on Malware Detectors (2405.01728v1)

Published 2 May 2024 in cs.CR

Abstract: As the focus on security of AI is becoming paramount, research on crafting and inserting optimal adversarial perturbations has become increasingly critical. In the malware domain, this adversarial sample generation relies heavily on the accuracy and placement of crafted perturbation with the goal of evading a trained classifier. This work focuses on applying explainability techniques to enhance the adversarial evasion attack on a machine-learning-based Windows PE malware detector. The explainable tool identifies the regions of PE malware files that have the most significant impact on the decision-making process of a given malware detector, and therefore, the same regions can be leveraged to inject the adversarial perturbation for maximum efficiency. Profiling all the PE malware file regions based on their impact on the malware detector's decision enables the derivation of an efficient strategy for identifying the optimal location for perturbation injection. The strategy should incorporate the region's significance in influencing the malware detector's decision and the sensitivity of the PE malware file's integrity towards modifying that region. To assess the utility of explainable AI in crafting an adversarial sample of Windows PE malware, we utilize the DeepExplainer module of SHAP for determining the contribution of each region of PE malware to its detection by a CNN-based malware detector, MalConv. Furthermore, we analyzed the significance of SHAP values at a more granular level by subdividing each section of Windows PE into small subsections. We then performed an adversarial evasion attack on the subsections based on the corresponding SHAP values of the byte sequences.
