
[Paper Summary] Adversarial Examples on Discrete Sequences for Beating Whole-Binary Malware Detection

Felix Kreuk, Assi Barak | arXiv (Cornell University) | Feb 13, 2018
Adversarial Robustness in Machine Learning | References: 13 | Cited by: 45
One-sentence summary

This paper proposes a novel adversarial attack against whole-binary malware detectors: a carefully crafted byte sequence is appended to a malicious binary so that it evades detection with high confidence while its functionality is preserved. The method targets a CNN-based model and, by operating on the binary as a discrete sequence, achieves a near-perfect evasion rate.

ABSTRACT

In recent years, deep learning has shown performance breakthroughs in many applications, such as image detection, image segmentation, pose estimation, and speech recognition. It was also applied successfully to malware detection. However, this comes with a major concern: deep networks have been found to be vulnerable to adversarial examples. So far, successful attacks have proved to be very effective, especially in the domains of images and speech, where small perturbations to the input signal do not change how it is perceived by humans but greatly affect the classification of the model under attack. Our goal is to modify a malicious binary so it would be detected as benign while preserving its original functionality. In contrast to images or speech, small modifications to bytes of the binary lead to significant changes in the functionality. We introduce a novel approach to generating adversarial examples for attacking a whole-binary malware detector. We append to the binary file a small section, which contains a selected sequence of bytes that steers the prediction of the network from malicious to benign with high confidence. We applied this approach to a CNN-based malware detection model and showed extremely high rates of success in the attack.

Motivation and Goals

  • Address the vulnerability of deep-learning-based whole-binary malware detectors to adversarial examples.
  • Develop a method for modifying malicious binaries so that they evade detection while preserving their functionality.
  • Generate adversarial examples in the discrete domain of binary files, in contrast to conventional adversarial attacks on images or speech.
  • Achieve high-confidence misclassification of malicious binaries as benign through minimal, targeted modifications.

Proposed Method

  • The attack appends a short, optimized byte sequence to the end of the malicious binary.
  • The appended byte sequence is generated so as to steer the prediction of a CNN-based malware detector toward the benign class.
  • The method treats the binary as a discrete sequence, which allows sequence-based adversarial generation techniques to be applied.
  • The attack is constrained: the modified binary must retain its original malicious functionality.
  • The method relies on gradient-based optimization to identify a minimal byte sequence that causes misclassification.
  • The attack was evaluated on a trained CNN-based malware detection model and achieved very high evasion success rates.
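One defender-side preprocessing step suggested by the attack described above, written here as an added example and not code from the paper: because bytes appended to the end of a PE file land beyond the data its section table accounts for (the overlay), a detector's input pipeline can separate that region from the section-mapped body and score or reject it on its own. The PE image parsed below is constructed in the code and is not a real sample; the check covers bytes appended after the last section, not an appended region the attacker registers as a proper section, which would need further checks on the section table.

```python
import struct
from typing import Tuple

# Constructed minimal PE-shaped image (not a real sample): DOS header, PE
# signature, COFF header, one section header and its raw data, optionally
# followed by trailing bytes that no section header accounts for.
def build_pe(section_bytes: bytes, overlay: bytes = b"") -> bytes:
    e_lfanew, opt_size = 0x40, 0          # no optional header is needed here
    raw_ptr = e_lfanew + 24 + 40          # section data follows the one header
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x102)
    sec = struct.pack("<8sIIIIIIHHI", b".text", len(section_bytes), 0x1000,
                      len(section_bytes), raw_ptr, 0, 0, 0, 0, 0x60000020)
    return dos + b"PE\0\0" + coff + sec + section_bytes + overlay

def mapped_end(data: bytes) -> int:
    """Offset where data described by the section table ends. Anything past
    it is overlay: bytes the loader never maps, which is where a sequence
    appended to the end of the file ends up."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: NumberOfSections at +6, SizeOfOptionalHeader at +20
    nsec, opt_size = struct.unpack_from("<H12xH", data, e_lfanew + 6)
    table = e_lfanew + 24 + opt_size
    end = table + 40 * nsec               # the headers themselves are mapped
    for i in range(nsec):
        # SizeOfRawData and PointerToRawData sit at +16 in each 40-byte entry
        size_raw, ptr_raw = struct.unpack_from("<II", data, table + 40 * i + 16)
        end = max(end, ptr_raw + size_raw)
    return min(end, len(data))

def split_overlay(data: bytes) -> Tuple[bytes, bytes]:
    """Separate the section-mapped body from trailing overlay bytes so a
    classifier can score (or a policy can reject) the overlay on its own."""
    end = mapped_end(data)
    return data[:end], data[end:]

if __name__ == "__main__":
    sample = build_pe(b"\x90" * 32, overlay=b"\xCC" * 100)  # constructed input
    body, extra = split_overlay(sample)
    print(f"mapped body: {len(body)} bytes, overlay: {len(extra)} bytes")
```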

Experimental Results

Research Questions

  • RQ1: Can adversarial examples be generated effectively in the discrete space of binary files to evade whole-binary malware detectors?
  • RQ2: How effective is the proposed method at making a CNN-based malware detector misclassify malicious binaries as benign?
  • RQ3: To what extent is the functionality of the original malicious binary preserved after the adversarial modification?
  • RQ4: What is the minimal length of adversarial byte sequence required to achieve high-confidence evasion?

Key Findings

  • The proposed method achieves a very high success rate in evading a CNN-based whole-binary malware detection model.
  • The attack successfully causes the model to classify malicious binaries as benign with high confidence.
  • The modification consists only of appending a short byte sequence, with minimal impact on the size and structure of the binary.
  • The malicious binary retains its original functionality after the adversarial transformation.
  • The attack demonstrates the feasibility of generating effective adversarial examples in the discrete domain of binary files.
  • The results highlight a critical security weakness in deep-learning-based malware detection systems that analyze whole binaries.

This summary was generated by AI and reviewed by a human editor.