MAB-Malware

Song, Wei; Li, Xuezixiang; Afroz, Sadia; Garg, Deepali; Kuznetsov, Dmitry A.; Yin, Heng

doi:10.1145/3488932.3497768

Cited by 30 publications

(18 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Using these samples, we first evaluate the performance of FUMVar-Ex against the state-of-the-art malware variant generators: FUMVar [11], AIMED [8], RL [6], and MAB-MALWARE [13] (see Section V-A). Next, we examine the detection performance of commercial anti-malware solutions, in particular: Avast, AVG, BitDefender, Kaspersky, Malwarebytes, McAfee, and TrendMicro (see Section V-B).…”

Section: Methodsmentioning

confidence: 99%

“…Several studies have presented various techniques to generate malware variants [5]- [15]. For example, reinforcement learning was used to generate malware samples against antimalware products in [6], [13], [14], as well as a genetic algorithm-based framework named AIMED [8] that randomly applies perturbations to generate malware samples. However, most existing techniques do not ensure that the generated variants' behaviors are identical to the original malware sample's behaviors.…”

Section: Introductionmentioning

confidence: 99%

“…The effectiveness of FUMVar-Ex has been compared to four state-of-the-art malware variant generation frameworks: FUMVar [11], AIMED [8], RL [6], and MAB-MALWARE [13]. The experimental results demonstrate that FUMVar-Ex outperforms the other frameworks, achieving a remarkable improvement in evasiveness of up to 19% compared to the second most effective framework, FUMVar [11].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

On the Effectiveness of Perturbations in Generating Evasive Malware Variants

Jin

Choi²,

Hong

et al. 2023

IEEE Access

View full text Add to dashboard Cite

Malware variants are generated using various evasion techniques to bypass malware detectors, so it is important to understand what properties make them evade malware detection techniques. To do this, a framework is proposed to effectively generate fully-working, unseen malware samples on Windows portable executable (PE) files with various perturbations such as code obfuscation and benign section addition. Using this framework, we were able to bypass various commercial anti-malware solutions (e.g., BitDefender, AVG, Kaspersky, and Avast) using the generated malware variants, with up to 86% more evasiveness than the original malware samples, and up to 28% more evasive compared with our previously proposed solution FUMVar. Our results are useful in terms of improving malware detection techniques, by analyzing different perturbations and their effectiveness, which leads to a better understanding of how malware variants could be generated that are more evasive and which malware categories they belong to. We found that the most effective perturbation is the code obfuscation using XOR -the malware variants generated by the code obfuscation can evade the detection of 28 anti-malware engines on average. Therefore, our experimental results and observations would be useful to develop anti-malware solutions that would be effective in detecting malware variants that have not been seen previously.

show abstract

Section: Methodsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

On the Effectiveness of Perturbations in Generating Evasive Malware Variants

Jin

Choi²,

Hong

et al. 2023

IEEE Access

View full text Add to dashboard Cite

show abstract

“…We also consider attackers than perform instruction-level edits in Section 3.3.3. We note that edit distance is a reasonable proxy for the cost of running evasion attacks that iteratively apply localized functionalitypreserving edits (e.g., [20,52,57,60,76]). For these attacks, the edit distance scales roughly linearly with the number of attack iterations, and therefore the adversary has an incentive to minimize edit distance.…”

Section: 22mentioning

confidence: 99%

“…adversarial examples) raises concerns about using these models in practice. For example, successful attacks have been demonstrated in general settings [30,35] and domains such as computer vision [26,33,74], natural language [3,29,67], and malware detection [20,21,40,42,52,60,76,77]. While a multitude of defenses have been proposed against evasion attacks, they have historically been broken by stronger attacks.…”

Section: Introductionmentioning

confidence: 99%

Certified Robustness of Learning-based Static Malware Detectors

Huang¹,

Marchant²,

Lucas³

et al. 2023

Preprint

View full text Add to dashboard Cite

Certified defenses are a recent development in adversarial machine learning (ML), which aim to rigorously guarantee the robustness of ML models to adversarial perturbations. A large body of work studies certified defenses in computer vision, where ℓ 𝑝 norm-bounded evasion attacks are adopted as a tractable threat model. However, this threat model has known limitations in vision, and is not applicable to other domains-e.g., where inputs may be discrete or subject to complex constraints. Motivated by this gap, we study certified defenses for malware detection, a domain where attacks against ML-based systems are a real and current threat. We consider static malware detection systems that operate on byte-level data. Our certified defense is based on the approach of randomized smoothing which we adapt by: (1) replacing the standard Gaussian randomization scheme with a novel deletion randomization scheme that operates on bytes or chunks of an executable; and(2) deriving a certificate that measures robustness to evasion attacks in terms of generalized edit distance. To assess the size of robustness certificates that are achievable while maintaining high accuracy, we conduct experiments on malware datasets using a popular convolutional malware detection model, MalConv. We are able to accurately classify 91% of the inputs while being certifiably robust to any adversarial perturbations of edit distance 128 bytes or less. By comparison, an existing certification of up to 128 bytes of substitutions (without insertions or deletions) achieves an accuracy of 78%. In addition, given that robustness certificates are conservative, we evaluate practical robustness to several recently published evasion attacks and, in some cases, find robustness beyond certified guarantees. CCS CONCEPTS• Security and privacy → Logic and verification; Malware and its mitigation; • Computing methodologies → Machine learning.

show abstract