Abstract

The convolutional neural network (CNN)-based models have achieved tremendous breakthroughs in many end-to-end applications, such as image identification, text classification, and speech recognition. By replicating these successes to the field of malware detection, several CNN-based malware detectors have achieved encouraging performance without significant feature engineering effort in recent years. Unfortunately, by analyzing their robustness using gradient-based algorithms, several studies have shown that some of these malware detectors are vulnerable to the evasion attacks (also known as adversarial examples). However, the existing attack methods can only achieve quite low attack success rates. In this paper, we propose two novel white-box methods and one novel black-box method to attack a recently proposed malware detector. By incorporating the gradient-based algorithm, one of our white-box methods can achieve a success rate of over 99%. Without prior knowledge of the exact structure and internal parameters of the detector, the proposed black-box method can also achieve a success rate of over 70%. In addition, we consider adversarial training as a defensive mechanism in order to resist evasion attacks. While proving the effectiveness of adversarial training, we also analyze its security risk, that is, a large number of adversarial examples can poison the training dataset of the detector. Therefore, we propose a pre-detection mechanism to reject adversarial examples. The experiments show that this mechanism can effectively improve the safety and efficiency of malware detection.

Full Text

Published Version (Free)

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Single-Shot Black-Box Adversarial Attacks Against Malware Detectors: A Causal Language Model Approach
James Lee Hu ... Hsinchun Chen
-
James Lee Hu, et. al.James Lee Hu ... Hsinchun Chen
02 Nov 2021
Restoration of Adversarial Examples Using Image Arithmetic Operations
Kazim Ali ... Adnan N Quershi
Intelligent Automation & Soft Computing | VOL. 32
Kazim Ali, et. al.Kazim Ali ... Adnan N Quershi
01 Jan 2021
Adversarial Training with Knowledge Distillation Considering Intermediate Representations in CNNs
Hikaru Higuchi ... Hayaru Shouno
-
Hikaru Higuchi, et. al.Hikaru Higuchi ... Hayaru Shouno
01 Jan 2023
Characterizing Speech Adversarial Examples Using Self-Attention U-Net Enhancement
Chao-Han Yang ... Jun Qi
-
Chao-Han Yang, et. al.Chao-Han Yang ... Jun Qi
01 May 2020
View more papers

More From: IEEE Access

Paper Title
Journal
Date
Author
A Deeper Look Into Remote Sensing Scene Image Misclassification by CNNs
Anas Tukur Balarabe ... Ivan Jordanov
IEEE Access | VOL. 12
Anas Tukur Balarabe, et. al.Anas Tukur Balarabe ... Ivan Jordanov
01 Jan 2024
DL-ADS: Improved Grey Wolf Optimization Enabled AE-LSTM Technique for Efficient Network Anomaly Detection in Internet of Thing Edge Computing
J Manokaran ... G Vairavel
IEEE Access | VOL. 12
J Manokaran, et. al.J Manokaran ... G Vairavel
01 Jan 2024
Applying Syntax-Prosody Mapping Hypothesis and Boundary-Driven Theory to Neural Sequence-to-Sequence Speech Synthesis
Kei Furukawa ... Sakriani Sakti
IEEE Access | VOL. 12
Kei Furukawa, et. al.Kei Furukawa ... Sakriani Sakti
01 Jan 2024
A Compact and Low Latency SPM Architecture for ECC Cryptosystems
Khalid Javeed ... Fadi Sibai
IEEE Access | VOL. -
Khalid Javeed, et. al.Khalid Javeed ... Fadi Sibai
01 Jan 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.