A New Formulation for Zeroth-Order Optimization of Adversarial EXEmples in Malware Detection
- URL: http://arxiv.org/abs/2405.14519v1
- Date: Thu, 23 May 2024 13:01:36 GMT
- Title: A New Formulation for Zeroth-Order Optimization of Adversarial EXEmples in Malware Detection
- Authors: Marco Rando, Luca Demetrio, Lorenzo Rosasco, Fabio Roli
- Abstract summary: We show how learning malware detectors can be cast within a zeroth-order optimization framework. We propose and study ZEXE, a novel zero-order attack against Windows malware detection.
- Score: 14.786557372850094
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Machine learning malware detectors are vulnerable to adversarial EXEmples, i.e. carefully-crafted Windows programs tailored to evade detection. Unlike other adversarial problems, attacks in this context must be functionality-preserving, a constraint which is challenging to address. As a consequence, heuristic algorithms are typically used that inject new content, either randomly-picked or harvested from legitimate programs. In this paper, we show how learning malware detectors can be cast within a zeroth-order optimization framework which allows functionality-preserving manipulations to be incorporated. This permits the deployment of sound and efficient gradient-free optimization algorithms, which come with theoretical guarantees and allow for minimal hyper-parameter tuning. As a by-product, we propose and study ZEXE, a novel zero-order attack against Windows malware detection. Compared to state-of-the-art techniques, ZEXE provides a drastic improvement in the evasion rate, while reducing the size of the injected content to less than one third.
Related papers
- MalPurifier: Enhancing Android Malware Detection with Adversarial Purification against Evasion Attacks [19.68134775248897]
  MalPurifier exploits adversarial purification to eliminate perturbations independently, resulting in attack mitigation in a light and flexible way.
  Experimental results on two Android malware datasets demonstrate that MalPurifier outperforms the state-of-the-art defenses.
  arXiv Detail & Related papers (2023-12-11T14:48:43Z)
- DRSM: De-Randomized Smoothing on Malware Classifier Providing Certified Robustness [58.23214712926585]
  We develop a certified defense, DRSM (De-Randomized Smoothed MalConv), by redesigning the de-randomized smoothing technique for the domain of malware detection.
  Specifically, we propose a window ablation scheme to provably limit the impact of adversarial bytes while maximally preserving local structures of the executables.
  We are the first to offer certified robustness in the realm of static detection of malware executables.
  arXiv Detail & Related papers (2023-03-20T17:25:22Z)
- PAD: Towards Principled Adversarial Malware Detection Against Evasion Attacks [17.783849474913726]
  We propose a new adversarial training framework, termed Principled Adversarial Malware Detection (PAD).
  PAD lays on a learnable convex measurement that quantifies distribution-wise discrete perturbations to protect malware detectors from adversaries.
  PAD can harden ML-based malware detection against 27 evasion attacks with detection accuracies greater than 83.45%.
  It matches or outperforms many anti-malware scanners in VirusTotal against realistic adversarial malware.
  arXiv Detail & Related papers (2023-02-22T12:24:49Z)
- OOG- Optuna Optimized GAN Sampling Technique for Tabular Imbalanced Malware Data [0.0]
  A Generative Adversarial Network (GAN) sampling technique has been used in this study to generate new malware samples.
  In this study, the architecture of the Optuna Optimized GAN (OOG) method is shown, along with scores of 98.06%, 99.0%, 97.23%, and 98.04% for accuracy, precision, recall and F1 score respectively.
  arXiv Detail & Related papers (2022-11-25T16:59:30Z)
- Flexible Android Malware Detection Model based on Generative Adversarial Networks with Code Tensor [7.417407987122394]
  Existing malware detection methods only target the existing malicious samples.
  In this paper, we propose a novel scheme that detects malware and its variants efficiently.
  arXiv Detail & Related papers (2022-10-25T03:20:34Z)
- A two-steps approach to improve the performance of Android malware detectors [4.440024971751226]
  We propose GUIDED RETRAINING, a supervised representation learning-based method that boosts the performance of a malware detector.
  We validate our method on four state-of-the-art Android malware detection approaches using over 265k malware and benign apps.
  Our method is generic and designed to enhance the classification performance on a binary classification task.
  arXiv Detail & Related papers (2022-05-17T12:04:17Z)
- Mate! Are You Really Aware? An Explainability-Guided Testing Framework for Robustness of Malware Detectors [49.34155921877441]
  We propose an explainability-guided and model-agnostic testing framework for robustness of malware detectors.
  We then use this framework to test several state-of-the-art malware detectors' abilities to detect manipulated malware.
  Our findings shed light on the limitations of current malware detectors, as well as how they can be improved.
  arXiv Detail & Related papers (2021-11-19T08:02:38Z)
- Sparse and Imperceptible Adversarial Attack via a Homotopy Algorithm [93.80082636284922]
  Sparse adversarial attacks can fool deep networks (DNNs) by only perturbing a few pixels.
  Recent efforts combine it with another l_infty perturbation on magnitudes.
  We propose a homotopy algorithm to tackle the sparsity and neural perturbation framework.
  arXiv Detail & Related papers (2021-06-10T20:11:36Z)
- Targeted Attack against Deep Neural Networks via Flipping Limited Weight Bits [55.740716446995805]
  We study a novel attack paradigm, which modifies model parameters in the deployment stage for malicious purposes.
  Our goal is to misclassify a specific sample into a target class without any sample modification.
  By utilizing the latest technique in integer programming, we equivalently reformulate this BIP problem as a continuous optimization problem.
  arXiv Detail & Related papers (2021-02-21T03:13:27Z)
- Byzantine-Resilient Non-Convex Stochastic Gradient Descent [61.6382287971982]
  adversary-resilient distributed optimization, in which.
  machines can independently compute gradients, and cooperate.
  Our algorithm is based on a new concentration technique, and its sample complexity.
  It is very practical: it improves upon the performance of all prior methods when no.
  setting machines are present.
  arXiv Detail & Related papers (2020-12-28T17:19:32Z)
- Adversarial EXEmples: A Survey and Experimental Evaluation of Practical Attacks on Machine Learning for Windows Malware Detection [67.53296659361598]
  Adversarial EXEmples can bypass machine learning-based detection by perturbing relatively few input bytes.
  We develop a unifying framework that not only encompasses and generalizes previous attacks against machine-learning models, but also includes three novel attacks.
  These attacks, named Full DOS, Extend and Shift, inject the adversarial payload by respectively manipulating the DOS header, extending it, and shifting the content of the first section.
  arXiv Detail & Related papers (2020-08-17T07:16:57Z)
This list is automatically generated from the titles and abstracts of the papers in this site.