Adversarial Machine Learning in Malware Detection: Arms Race between Evasion Attack and Defense

“…• We explore the arms race between adversarial malware attack and defense to en-hance the security of machine learning-based detection systems through analyzing adversarial attacks, and formulating secure-learning paradigms to counter the adversarial attacks. Our work on adversarial machinle learning in malware detection has resulted in 5 publications [32,33,28,29,30].…”

“…-Analyze adversarial attacks under different scenarios: The attackers may have different levels of knowledge of the learning system [126]. We explore the adversarial attacks corresponding to the different scenarios, thoroughly assess the adversary behaviors through feature manipulations, adversarial cost, and attack goals, and accordingly present a general attack strategy for further investigations [32,33,29] (See Section 4.2 for details).…”

“…DroidEye to counter these attacks. In our proposed methods, SecDefender adopts classifier retraining technique on basis of our proposed adversarial attack model AdvAttack and enhances the robustness of the classifier using the security regularization terms; SecureDroid utilizes a novel feature selection method to build more secure classifier by enforcing attackers to increase the adversarial costs and maximize the manipulations, and introduces an ensemble learning approach to aggregate different individual classifiers constructed using our proposed feature selection method to improve system security while not compromising detection accuracy; DroidEye takes advantage of gradient masking for feature space, utilizes count featurization to transform the binary feature space into continuous probabilities encoding the distribution in each class (either benign or malicious) to reduce the adversarial gradient of the learning model, and then introduces softmax function (i.e., normalized exponential function) with adversarial parameter to find the best trade-off between security and accuracy for the classifier by tuning the adversarial parameter [32,33,28,30] (See Section 4.3 for details).…”

“…• We develop practical systems integrating our proposed methods for comprehensive experimental studies on real sample collections from an anti-malware industry company. Specifically, we collect different sample sets from Comodo Cloud Security Center; based on these real sample collections, we construct practical systems based on our proposed methods and provide a series of comprehensive experiments to empirically evaluate the performances of these methods [33,28,32,31,27,30] (See Section 3.2.3, 3.3.3, 4.3.4, 4.4.4, and 4.5.3 for details).…”

“…In sum, by the date of this dissertation, we have had 9 publications [31,27,66,143,32,33,28,29,30] in intelligent malware detection using file-to-file relations and adversarial machine learning in malware detection, including the prestigious IEEE EISIC'2017 Best…”

Intelligent Malware Detection Using File-to-file Relations and Enhancing its Security against Adversarial Attacks

“…• We explore the arms race between adversarial malware attack and defense to en-hance the security of machine learning-based detection systems through analyzing adversarial attacks, and formulating secure-learning paradigms to counter the adversarial attacks. Our work on adversarial machinle learning in malware detection has resulted in 5 publications [32,33,28,29,30].…”

“…-Analyze adversarial attacks under different scenarios: The attackers may have different levels of knowledge of the learning system [126]. We explore the adversarial attacks corresponding to the different scenarios, thoroughly assess the adversary behaviors through feature manipulations, adversarial cost, and attack goals, and accordingly present a general attack strategy for further investigations [32,33,29] (See Section 4.2 for details).…”

“…DroidEye to counter these attacks. In our proposed methods, SecDefender adopts classifier retraining technique on basis of our proposed adversarial attack model AdvAttack and enhances the robustness of the classifier using the security regularization terms; SecureDroid utilizes a novel feature selection method to build more secure classifier by enforcing attackers to increase the adversarial costs and maximize the manipulations, and introduces an ensemble learning approach to aggregate different individual classifiers constructed using our proposed feature selection method to improve system security while not compromising detection accuracy; DroidEye takes advantage of gradient masking for feature space, utilizes count featurization to transform the binary feature space into continuous probabilities encoding the distribution in each class (either benign or malicious) to reduce the adversarial gradient of the learning model, and then introduces softmax function (i.e., normalized exponential function) with adversarial parameter to find the best trade-off between security and accuracy for the classifier by tuning the adversarial parameter [32,33,28,30] (See Section 4.3 for details).…”

“…• We develop practical systems integrating our proposed methods for comprehensive experimental studies on real sample collections from an anti-malware industry company. Specifically, we collect different sample sets from Comodo Cloud Security Center; based on these real sample collections, we construct practical systems based on our proposed methods and provide a series of comprehensive experiments to empirically evaluate the performances of these methods [33,28,32,31,27,30] (See Section 3.2.3, 3.3.3, 4.3.4, 4.4.4, and 4.5.3 for details).…”

“…In sum, by the date of this dissertation, we have had 9 publications [31,27,66,143,32,33,28,29,30] in intelligent malware detection using file-to-file relations and adversarial machine learning in malware detection, including the prestigious IEEE EISIC'2017 Best…”

Intelligent Malware Detection Using File-to-file Relations and Enhancing its Security against Adversarial Attacks

Runtime API Signature for Fileless Malware Detection

Evading API Call Sequence Based Malware Classifiers