Being Single Has Benefits. Instance Poisoning to Deceive Malware Classifiers

Shapira, Tzvika; Berend, David; Rosenberg, Ishai; Liu, Yang; Shabtai, Asaf; Elovici, Yuval

doi:10.48550/arxiv.2010.16323

Cited by 2 publications

(3 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In addition, it is almost impossible to control and manipulate the labeling process for the poisoning data samples for the adversary, since most of training samples normally are labeled with multiple independent anti-virus engines by security companies and further used to trained the malware detection models. Therefore, considering the practicality of the attack scenario in the wild, both following [119] and [122] belong to the clean-label poisoning attack [120], in which the adversary can control manipulate the poison instance itself, but cannot control the labeling of the poison instance.…”

Section: Training-time Poisoningmentioning

confidence: 99%

“…Shapira et al [122] argue that the attack assumption of feature-space manipulations in [119] is unrealistic and unreasonable for real-world malware classifiers. In pursuit of a poisoning attack in a problem space, Shapira et al propose a novel instance poisoning attack by first selecting the goodware that are most similar to the target malware instance and then adding sections to the goodware for adversarially training the poisoned model.…”

Section: Training-time Poisoningmentioning

confidence: 99%

See 1 more Smart Citation

Adversarial Attacks against Windows PE Malware Detection: A Survey of the State-of-the-Art

Ling¹,

Wu²,

Zhang³

et al. 2021

Preprint

View full text Add to dashboard Cite

The malware has been being one of the most damaging threats to computers that span across multiple operating systems and various file formats. To defend against the ever-increasing and ever-evolving threats of malware, tremendous efforts have been made to propose a variety of malware detection methods that attempt to effectively and efficiently detect malware so as to mitigate possible damages as earlier as possible. Recent studies have shown that, one the one hand, existing machine learning (ML) and deep learning (DL) techniques enable the superior detection of newly emerging and previously unseen malware. However, on the other hand, ML and DL models are inherently vulnerable to adversarial attacks in the form of adversarial examples, which are maliciously generated by slightly and carefully perturbing the legitimate inputs to confuse the targeted models. Basically, adversarial attacks are initially extensively studied in the domain of computer vision like image classification, and some quickly expanded to other domains, including natural language processing, audio recognition and even malware detection which is extremely critical to computers.In this paper, we focus on malware with the file format of portable executable (PE) in the family of Windows operating systems, namely Windows PE malware, as a representative case to study the adversarial attack methods in such adversarial settings. To be specific, we start by first outlining the general learning framework of Windows PE malware detection based on ML/DL and subsequently highlighting three unique challenges of performing adversarial attacks in the context of Windows PE malware. We then conduct a comprehensive and systematic review to categorize the state-of-the-art adversarial attacks against PE malware detection, as well as corresponding defenses to increase the robustness of Windows PE malware detection. We conclude the paper by first presenting other related attacks against Windows PE malware detection beyond the adversarial attacks and then shedding light on future research directions and opportunities. In addition, a curated resource list of adversarial attacks and defenses for Windows PE malware detection is also available at https://github.com/ryderling/adversarial-attacks-and-defenses-for-windows-pe-malware-detection. CCS Concepts: • Security and privacy → Intrusion/anomaly detection and malware mitigation; • Theory of computation → Adversarial learning.

show abstract

Section: Training-time Poisoningmentioning

confidence: 99%

Section: Training-time Poisoningmentioning

confidence: 99%

Adversarial Attacks against Windows PE Malware Detection: A Survey of the State-of-the-Art

Ling¹,

Wu²,

Zhang³

et al. 2021

Preprint

View full text Add to dashboard Cite

show abstract

“…• User-installed Malwares Some AVs allow passengers to install user applications into the onboard entertainment system. When malware [88][89][90][91] is accidentally installed, it may obtain privileged permission and a certain level of control over the vehicle.…”

Section: Security Impact On the Av Safetymentioning

confidence: 99%

A map-based model-driven testing framework for automated driving systems

Tang¹

View full text Add to dashboard Cite

show abstract

Being Single Has Benefits. Instance Poisoning to Deceive Malware Classifiers

Cited by 2 publications

References 32 publications

Adversarial Attacks against Windows PE Malware Detection: A Survey of the State-of-the-Art

Adversarial Attacks against Windows PE Malware Detection: A Survey of the State-of-the-Art

A map-based model-driven testing framework for automated driving systems

Contact Info

Product

Resources

About