Binary Black-Box Attacks Against Static Malware Detectors with Reinforcement Learning in Discrete Action Spaces

Ebrahimi, Mohammadreza; Pacheco, Jason; Liu, Weifeng; Hu, James Lee; Chen, Hsinchun

doi:10.1109/spw53761.2021.00021

Cited by 11 publications

(10 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Without addressing adversarial attacks, proposing malware detectors or classifiers is an endless and unfruitful task lacking substantial scientific advancement. For instance, the DL-based static malware detector proposed in another paper worked well in the evaluation, but malware adversarial samples still sneak through the model [13][14][15]29]. That is probably why the malware never stops despite the hundreds of detectors being proposed.…”

Section: Motivationmentioning

confidence: 99%

“…The process of MalDBA is as follows: First, malicious datasets are obtained from the VirusShare website [12], benign datasets are collected through crawling, and a malware detection model MalConv is pretrained [13]. Then, two different black-box adversarial attacks are reconstructed [14,15], and the history of query results (also known as the intermediate samples) of these attacks are saved. We can find that the prediction scores of these intermediate samples under MalConv model detection are gradually decreasing (meaning that the original malware tends to become a benign-looking sample after adding perturbations).…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

MalDBA: Detection for Query-Based Malware Black-Box Adversarial Attacks

et al. 2023

View full text Add to dashboard Cite

The increasing popularity of Industry 4.0 has led to more and more security risks, and malware adversarial attacks emerge in an endless stream, posing great challenges to user data security and privacy protection. In this paper, we investigate the stateful detection method for artificial intelligence deep learning-based malware black-box attacks, i.e., determining the presence of adversarial attacks rather than detecting whether the input samples are malicious or not. To this end, we propose the MalDBA method for experiments on the VirusShare dataset. We find that query-based black-box attacks produce a series of highly similar historical query results (also known as intermediate samples). By comparing the similarity among these intermediate samples and the trend of prediction scores returned by the detector, we can detect the presence of adversarial samples in indexed samples and thus determine whether an adversarial attack has occurred, and then protect user data security and privacy. The experimental results show that the attack detection rate can reach 100%. Compared to similar studies, our method does not require heavy feature extraction tasks or image conversion and can be operated on complete PE files without requiring a strong hardware platform.

show abstract

Section: Motivationmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

MalDBA: Detection for Query-Based Malware Black-Box Adversarial Attacks

et al. 2023

View full text Add to dashboard Cite

show abstract

“…On the basis of gym-malware, there are multiple follow-up work [20,39,41,42,72,76,139] proposing problem-space black-box adversarial attacks against static PE malware detection models.…”

Section: 22mentioning

confidence: 99%

“…Ebrahimi et al [39] suggest that the RL-based adversarial attacks against PE malware detectors normally employ actor-critic or DQN, which are limited in handling environments with combinatorially large state space. Naturally, they propose an improved RL-based adversarial attack framework of AMG-VAC on the basis of gym-malware [8,9] by adopting the variational actor-critic, which has been demonstrated to be the state-of-the-art performance in handling environments with combinatorially large state space.…”

Section: 22mentioning

confidence: 99%

See 1 more Smart Citation

Adversarial Attacks against Windows PE Malware Detection: A Survey of the State-of-the-Art

Ling¹,

Wu²,

Zhang³

et al. 2021

Preprint

View full text Add to dashboard Cite

The malware has been being one of the most damaging threats to computers that span across multiple operating systems and various file formats. To defend against the ever-increasing and ever-evolving threats of malware, tremendous efforts have been made to propose a variety of malware detection methods that attempt to effectively and efficiently detect malware so as to mitigate possible damages as earlier as possible. Recent studies have shown that, one the one hand, existing machine learning (ML) and deep learning (DL) techniques enable the superior detection of newly emerging and previously unseen malware. However, on the other hand, ML and DL models are inherently vulnerable to adversarial attacks in the form of adversarial examples, which are maliciously generated by slightly and carefully perturbing the legitimate inputs to confuse the targeted models. Basically, adversarial attacks are initially extensively studied in the domain of computer vision like image classification, and some quickly expanded to other domains, including natural language processing, audio recognition and even malware detection which is extremely critical to computers.In this paper, we focus on malware with the file format of portable executable (PE) in the family of Windows operating systems, namely Windows PE malware, as a representative case to study the adversarial attack methods in such adversarial settings. To be specific, we start by first outlining the general learning framework of Windows PE malware detection based on ML/DL and subsequently highlighting three unique challenges of performing adversarial attacks in the context of Windows PE malware. We then conduct a comprehensive and systematic review to categorize the state-of-the-art adversarial attacks against PE malware detection, as well as corresponding defenses to increase the robustness of Windows PE malware detection. We conclude the paper by first presenting other related attacks against Windows PE malware detection beyond the adversarial attacks and then shedding light on future research directions and opportunities. In addition, a curated resource list of adversarial attacks and defenses for Windows PE malware detection is also available at https://github.com/ryderling/adversarial-attacks-and-defenses-for-windows-pe-malware-detection. CCS Concepts: • Security and privacy → Intrusion/anomaly detection and malware mitigation; • Theory of computation → Adversarial learning.

show abstract

Optimized Deep Learning Technique for the Effective Detection of Windows PE Malware

Ganapathiyappan,

Yadav

2024

Communications in Computer and Information Science

View full text Add to dashboard Cite

Binary Black-Box Attacks Against Static Malware Detectors with Reinforcement Learning in Discrete Action Spaces

Cited by 11 publications

References 17 publications

MalDBA: Detection for Query-Based Malware Black-Box Adversarial Attacks

MalDBA: Detection for Query-Based Malware Black-Box Adversarial Attacks

Adversarial Attacks against Windows PE Malware Detection: A Survey of the State-of-the-Art

Optimized Deep Learning Technique for the Effective Detection of Windows PE Malware

Contact Info

Product

Resources

About