ARMED: How Automatic Malware Modifications Can Evade Static Detection?

Castro, Raphael Labaca; Schmitt, Corinna; Rodosek, Gabi Dreo

doi:10.1109/infoman.2019.8714698

Cited by 33 publications

(19 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Consistent with our goal of proposing a more realistic AME attack scenario in our study, we examine the past AME studies that support black-box and binary black-box attacks. Among these studies, AME studies that offer black-box attacks do not require knowing the specifications of the targeted anti-malware (Demetrio et al 2020;Castro, Biggio, and Dreo Rodosek 2019;Castro, Schmitt, and Rodosek 2019;Chen et al 2019a;Park, Khan, and Yener 2019;Suciu, Coull, and Johns 2019;Hu and Tan 2018). These studies employ a wide range of methods such as genetic algorithm (Demetrio et al 2020), random perturbations (Castro, Schmitt, and Rodosek 2019;Chen et al 2019a), dynamic programming (Park, Khan, and Yener 2019), and RNN (Hu and Tan 2018).…”

Section: Anti-malware Evasionmentioning

confidence: 99%

Binary Black-box Evasion Attacks Against Deep Learning-based Static Malware Detectors with Adversarial Byte-Level Language Model

Ebrahimi,

Zhang,

et al. 2020

Preprint

View full text Add to dashboard Cite

Anti-malware engines are the first line of defense against malicious software. While widely used, feature engineering-based anti-malware engines are vulnerable to unseen (zero-day) attacks. Recently, deep learningbased static anti-malware detectors have achieved success in identifying unseen attacks without requiring feature engineering and dynamic analysis. However, these detectors are susceptible to malware variants with slight perturbations, known as adversarial examples. Generating effective adversarial examples is useful to reveal the vulnerabilities of such systems. Current methods for launching such attacks require accessing either the specifications of the targeted anti-malware model, the confidence score of the anti-malware response, or dynamic malware analysis, which are either unrealistic or expensive. We propose MalRNN, a novel deep learning-based approach to automatically generate evasive malware variants without any of these restrictions. Our approach features an adversarial example generation process, which learns a language model via a generative sequence-to-sequence recurrent neural network to augment malware binaries. MalRNN effectively evades three recent deep learning-based malware detectors and outperforms current benchmark methods. Findings from applying our MalRNN on a real dataset with eight malware categories are discussed.

show abstract

Section: Anti-malware Evasionmentioning

confidence: 99%

Binary Black-box Evasion Attacks Against Deep Learning-based Static Malware Detectors with Adversarial Byte-Level Language Model

Ebrahimi,

Zhang,

et al. 2020

Preprint

View full text Add to dashboard Cite

show abstract

“…The experiments conducted in the paper show in comparison with traditional compression methods this method has achieved better compression results and is also able to achieve hierarchical synthesis of non-essential parts of the image (trees and rivers) with essential components like houses and roads. [70] 2017 IDSGAN used to generate malware attacks which can bypass the different intrusion detection systems (IDS) Achieved high degree of evasion against IDS Heusel et al [71] 2017 Framework to target portable executable (PE) anti malware systems in an offensive way Advantage: proved to be an effective model to identify the vulnerabilities of the anti-malware systems Arjovsky et al [72] 2017 Model to generate malware instances for Black-Box Attacks Based on GAN Gulrajani et al [73] 2019 Adversarial sample generation to launch attack against malware classifiers Singh et al [74] 2019 Generative model for malware images that could be used to boost classifier's performance by performing data augmentation Advantage: leveraged to generate malware images which would alleviate the problem of public sharing of the dataset Odena et al [75] 2016 Class-conditional image synthesis model to segregate generated samples to their respective malware category without any manual intervention Anderson et al [76] 2016 Model to bypass a detector of web domain generation algorithm Rigaki et al [77] 2018 To adapt malware communication to force misclassification of new generation Intrusion Prevention Systems (IPS) Advantage: effective at modifying malware traffic in order to remain undetectable Labaca et al [78] 2019 GAN to inject automatic byte-level perturbations into PE files to fool the classifier Kawai et al [79] 2020 Bypass malware defenders by adding benign to the original malicious code Advantage: resolve the problem of creating an huge collection of APIs to bypass the detectors BlockChain Zheng [80] 2020 GANs based technology for exchange of secret key which also overcome the block chain problems of security, recovery of lost key and communication inefficiency Advantage: a new avenue is opened the exchange of secret key which us reliable and adaptive as well as efficient…”

Section: Unmanned Aerial Vehicles (Uav's)mentioning

confidence: 99%

“…The malicious code was customized to duplicate the network traffic of the chat application and proposed work suggested that GANs can be successful at modifying malware traffic in order to remain undetectable. The authors implemented a GAN to inject automatic bytelevel perturbations into PE files [78]. The authors proposed an approach to bypass detectors by inculcating benign features to the malicious code [79].…”

Section: Malware Detectionmentioning

confidence: 99%

Spectrum of Advancements and Developments in Multidisciplinary Domains for Generative Adversarial Networks (GANs)

Rizvi

Azad

Fraz

2021

Arch Computat Methods Eng

View full text Add to dashboard Cite

The survey paper summarizes the recent applications and developments in the domain of Generative Adversarial Networks (GANs) i.e. a back propagation based neural network architecture for generative modeling. GANs is one of the most highlighted research avenue due to its synthetic data generation capabilities and benefits of representations comprehended irrespective of the application. While several reviews for GANs in the arena of image processing have been conducted by present but none have given attention on the review of GANs over multi-disciplinary domains. Therefore, in this survey, use of GAN in multidisciplinary applications areas and its implementation challenges have been done by conducting a rigorous search for journal/research article related to GAN and in this regard five renowned journal databases i.e. "ACM Digital Library"," Elsevier", "IEEE Explore", "Science Direct", "Springer" and proceedings of best domain specific conference are considered. By employing hybrid research methodology and article inclusion and exclusion criteria, 100 research articles are considered encompassing 23 application domains for the survey. In this paper applications of GAN in various practical domain and their implementation challenges its associated advantages and disadvantages have been discussed. For the first time a survey of this type have been done where GAN with wide range of application and its associated advantages and disadvantages issue have been reviewed. Finally, this article presents several diversified prominent developing trends in the respective research domain which will provide a visionary perspective regarding ongoing GANs related research and eventually help to develop an intuition for problem solving using GANs.

show abstract

“…Second, regarding selected attack methods, a few notable attack methods include simple append attack [9], attacking using randomly generated perturbation [4], and attacking using specific perturbations that lowers a malware detector's score [5]. More advanced methods incorporate machine learning techniques (Genetic Programming [1] [6], Gradient Descent [3], and Dynamic Programming [7]) and implement advanced DL-based techniques (Generative Adversarial Networks [8], Deep Reinforcement Learning [10], and Generative Recurrent Neural Networks [2] [11]). Third, and most importantly, while a sizable amount of AMG research either do not limit the number of queries to the malware detector or allow conducting multiple queries, few studies (Suciu et al [9]) operate in a single-shot AMG evasion setting.…”

Section: A Adversarial Malware Generation (Amg)mentioning

confidence: 99%

Single-Shot Black-Box Adversarial Attacks Against Malware Detectors: A Causal Language Model Approach

Hu¹,

Ebrahimi²,

Chen³

2021

Preprint

View full text Add to dashboard Cite

Deep Learning (DL)-based malware detectors are increasingly adopted for early detection of malicious behavior in cybersecurity. However, their sensitivity to adversarial malware variants has raised immense security concerns. Generating such adversarial variants by the defender is crucial to improving the resistance of DL-based malware detectors against them. This necessity has given rise to an emerging stream of machine learning research, Adversarial Malware example Generation (AMG), which aims to generate evasive adversarial malware variants that preserve the malicious functionality of a given malware. Within AMG research, black-box method has gained more attention than white-box methods. However, most black-box AMG methods require numerous interactions with the malware detectors to generate adversarial malware examples. Given that most malware detectors enforce a query limit, this could result in generating non-realistic adversarial examples that are likely to be detected in practice due to lack of stealth. In this study, we show that a novel DL-based causal language model enables singleshot evasion (i.e., with only one query to malware detector) by treating the content of the malware executable as a byte sequence and training a Generative Pre-Trained Transformer (GPT). Our proposed method, MalGPT, significantly outperformed the leading benchmark methods on a real-world malware dataset obtained from VirusTotal, achieving over 24.51% evasion rate. MalGPT enables cybersecurity researchers to develop advanced defense capabilities by emulating large-scale realistic AMG.

show abstract

ARMED: How Automatic Malware Modifications Can Evade Static Detection?

Cited by 33 publications

References 22 publications

Binary Black-box Evasion Attacks Against Deep Learning-based Static Malware Detectors with Adversarial Byte-Level Language Model

Binary Black-box Evasion Attacks Against Deep Learning-based Static Malware Detectors with Adversarial Byte-Level Language Model

Spectrum of Advancements and Developments in Multidisciplinary Domains for Generative Adversarial Networks (GANs)

Single-Shot Black-Box Adversarial Attacks Against Malware Detectors: A Causal Language Model Approach

Contact Info

Product

Resources

About