Semantics aware adversarial malware examples generation for black-box attacks

Abstract

Adversarial pseudo-benign examples can be generated to evade malware detection algorithms based on deep learning. Current works on adversarial examples generation mainly focus on the gradient-based attacks due to their easy-to-implement features. Although the Generative Adversarial Network (GAN) has shown a superior performance on adversarial attacks, there is not much work on applying GAN to malware composition due to its complexity and weakness in processing discrete data. API call sequence is considered as the very representative feature to analyze malware behavioral characteristics. However, it is troublesome to insert API calls into the original sequence to cover the malicious purpose with implementation on GAN. In this paper, we propose an adversarial sequence generating algorithm, which highlights the contextual relationship between API calls by using word embedding. We train a recurrent neural network based substitute detection model to fit the black-box malware detection model. We demonstrate the attack against API call sequence-based malware classifiers, and experimental results show that the proposed scheme is efficient and effective, almost all of the generated pseudo-benign malware examples can fool the detection algorithms. It outruns other GAN based schemes in performance and has a lower overhead of API call inserting.