Over the years, machine learning, particularly deep learning, has become a key component in the malware detection paradigm. These models are very effective to detect harmful software by identifying recurring malicious patterns within the executables. However, detection models often remain opaque and their boundaries may not align with expected behaviors. Consequently, malicious actors can fine-tune their malware to evade machine-learning-based detection models and perform malicious operations. Thus, the study of the adversarial attacks can help to identify the limitations of existing malware detection systems to improve their robustness. This paper introduces a new attack methodology on deep-learning-based detection systems with the objective of generating adversarial patterns with high transferability properties. This attack operates in a white-box context using a gradient-based optimization process and considers a set of malware to maximize the transferability of the pattern. The result indicates that our patterns can be injected to any malware at any address within the .data section prior compilation and deceive the Malconv detection model in 80% of the test cases.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Robust Adversarial Patterns to Defeat Deep Learning Malware Detection Systems

  • Pierre-François Maillard,
  • Sudipta Das,
  • Bimal Kumar Roy

摘要

Over the years, machine learning, particularly deep learning, has become a key component in the malware detection paradigm. These models are very effective to detect harmful software by identifying recurring malicious patterns within the executables. However, detection models often remain opaque and their boundaries may not align with expected behaviors. Consequently, malicious actors can fine-tune their malware to evade machine-learning-based detection models and perform malicious operations. Thus, the study of the adversarial attacks can help to identify the limitations of existing malware detection systems to improve their robustness. This paper introduces a new attack methodology on deep-learning-based detection systems with the objective of generating adversarial patterns with high transferability properties. This attack operates in a white-box context using a gradient-based optimization process and considers a set of malware to maximize the transferability of the pattern. The result indicates that our patterns can be injected to any malware at any address within the .data section prior compilation and deceive the Malconv detection model in 80% of the test cases.