Skip to main content
Springer Nature Link
Log in

Universal Adversarial Perturbations of Malware

  • Conference paper
  • First Online:
Cyberspace Safety and Security (CSS 2020)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12653))

Included in the following conference series:

  • 815 Accesses

Abstract

Adversarial malware examples refer to the malwares that can evade the malware detector. Researching adversarial malware examples can help us find the vulnerability of malware detector and improve the defense ability of cyberspace. Considering the huge market share of android system, adversarial malware examples of android are studied in this paper. And an algorithm is proposed to find universal adversarial perturbations of malware. Such perturbation can be inserted the different malwares to generate adversarial examples. Then the effectiveness of algorithm is verified in the experiment. And three classic android malware detectors are used as targets. Experimental results show that universal adversarial perturbations for different machine learning models can be discovered via the proposed algorithm.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Mobile operating systems’ market share worldwide from January 2012 to December 2019. https://www.statista.com/statistics/272698/global-market-share-held-by-mobile-operating-systems-since-2009/. Accessed 16 Apr 2020

  2. Arp, D., Spreitzenbarth, M., Hubner, M., et al.: Drebin: Effective and explainable detection of android malware in your pocket. In: The Network and Distributed System Security Symposium (NDSS), pp. 23–26. ISOC, San Diego (2014)

    Google Scholar 

  3. Mariconti, E., Onwuzurike, L., Andriotis, P., et al.: Mamadroid: Detecting android malware by building markov chains of behavioral models (2016). arXiv preprint, arXiv:1612.04433

  4. Grosse, K., Papernot, N., Manoharan, P., et al.: Adversarial perturbations against deep neural networks for malware classification (2016). arXiv preprint, arXiv:1606.04435

  5. Chen, X., Li, C., Wang, D., et al.: Android HIV: a study of repackaging malware for evading machine-learning detection. IEEE Trans. Inf. Foren. Sec. 15, 987–1001 (2019)

    Article  Google Scholar 

  6. Szegedy, C., Zaremba, W., Sutskever, I., et al.: Intriguing properties of neural networks (2013). arXiv preprint, arXiv:1312.6199

  7. Moosavi-Dezfooli, S.-M., Fawzi, A., Fawzi, O., et al.: Universal adversarial perturbations. In: Proceedings of the IEEE conference on computer vision and pattern recognition, pp. 1765–1773. IEEE, Puerto Rico (2017)

    Google Scholar 

  8. Raff, E., Barker, J., Sylvester, J., et al.: Malware detection by eating a whole exe. In: Workshops at the Thirty-Second AAAI Conference on Artificial Intelligence. AAAI Press, Louisiana (2018)

    Google Scholar 

  9. Kolosnjaji, B., Demontis, A., Biggio, B., et al.: Adversarial malware binaries: evading deep learning for malware detection in executables. In: 26th European Signal Processing Conference (EUSIPCO), PP. 533–537. IEEE, Rome (2018)

    Google Scholar 

  10. Demetrio, L., Biggio, B., Lagorio, G., et al.: Explaining vulnerabilities of deep learning to adversarial malware binaries (2019). arXiv preprint, arXiv:1901.03583

  11. Chen, B., Ren, Z., Yu, C., et al.: Adversarial examples for CNN-based malware detectors. IEEE Access 7, 54360–54371 (2019)

    Article  Google Scholar 

  12. Kreuk, F., Barak, A., Aviv-Reuven, S., et al.: Adversarial examples on discrete sequences for beating whole-binary malware detection (2018). arXiv preprint, arXiv:1802.04528

  13. Madry, A., Makelov, A., Schmidt, L., et al.: Towards deep learning models resistant to adversarial attacks (2017). arXiv preprint, arXiv:1706.06083

  14. Al-Dujaili, A., Huang, A., Hemberg, E., et al.: Adversarial deep learning for robust detection of binary encoded malware. In: 2018 IEEE Security and Privacy Workshops (SPW), pp. 76–82. IEEE, San Francisco (2018)

    Google Scholar 

  15. Labaca-Castro, R., Biggio, B., Dreo Rodose, k.-G.: Poster: Attacking malware classifiers by crafting gradient-attacks that preserve functionality. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 2565–2567. Association for Computing Machinery, London (2019)

    Google Scholar 

  16. Hu, W., Tan, Y.: Generating adversarial malware examples for black-box attacks based on GAN (2017). arXiv preprint, arXiv:1702.05983

  17. Hu, W., Tan, Y.: Black-box attacks against RNN based malware detection algorithms. In: Workshops at the Thirty-Second AAAI Conference on Artificial Intelligence. AAAI Press, Louisiana (2018)

    Google Scholar 

  18. Li, H., Zhou, S.-Y., Yuan, W., et al.: Adversarial-example attacks toward android malware detection system. IEEE Syst. J. 1(4), 653–656 (2019)

    Google Scholar 

  19. Rosenberg, I., Shabtai, A., Rokach, L., Elovici, Y.: Generic black-box end-to-end attack against state of the art API call based malware classifiers. In: Bailey, M., Holz, T., Stamatogiannakis, M., Ioannidis, S. (eds.) RAID 2018. LNCS, vol. 11050, pp. 490–510. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-00470-5_23

    Chapter  Google Scholar 

  20. Castro, R.-L., Schmitt, C., Rodosek, G.-D.: ARMED: how automatic malware modifications can evade static detection. In: 5th International Conference on Information Management (ICIM), pp. 20–27. IEEE, Cape Town (2019)

    Google Scholar 

  21. Suciu, O., Coull, S.-E., Johns, J.: Exploring adversarial examples in malware detection. In: 2019 IEEE Security and Privacy Workshops (SPW), pp. 8–14. IEEE, San Francisco (2019)

    Google Scholar 

  22. Pierazzi, F., Pendlebury, F., Cortellazzi, J., et al.: Intriguing properties of adversarial ML attacks in the problem space. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 1332–1349. IEEE, San Francisco (2020)

    Google Scholar 

  23. Mao, x., Chen, Y., Wang, S., et al.: Composite Adversarial Attacks. In: Thirty-Fifth AAAI Conference on Artificial Intelligence (AAAI). AAAI, Vancouver, Mao et al. proposed a new composite adversarial attack method, which can automatically search for the best combination of attack algorithms and their hyperparameters from the candidate attacks (2021)

    Google Scholar 

  24. Li, L., Gao, J., Hurier, M., et al.: Androzoo++: Collecting millions of android apps and their metadata for the research community (2017). arXiv preprint, arXiv:1709.05281

  25. Google play. https://developer.android.google.cn/distribute/google-play?hl=zh-cn. Accessed 15 Apr 2020

  26. AppChina. http://www.appchina.com. Accessed 12 Apr 2020

  27. VirusShare. https://virusshare.com. Accessed 16 Apr 2020

Download references

Author information

Authors and Affiliations

  1. Institute of Artificial Intelligence and Blockchain, Guangzhou University, Guangzhou, 510006, China

    Ruitao Hou, Xiaoyu Xiang, Qixiang Zhang, Jiabao Liu & Teng Huang

Authors
  1. Ruitao Hou
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Xiaoyu Xiang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Qixiang Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Jiabao Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Teng Huang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Teng Huang .

Editor information

Editors and Affiliations

  1. Hainan University, Haiukou, China

    Jieren Cheng

  2. Hainan University, Haikou, China

    Xiangyan Tang

  3. Hainan University, Haikou, China

    Xiaozhang Liu

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Hou, R., Xiang, X., Zhang, Q., Liu, J., Huang, T. (2021). Universal Adversarial Perturbations of Malware. In: Cheng, J., Tang, X., Liu, X. (eds) Cyberspace Safety and Security. CSS 2020. Lecture Notes in Computer Science(), vol 12653. Springer, Cham. https://doi.org/10.1007/978-3-030-73671-2_2

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-73671-2_2

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-73670-5

  • Online ISBN: 978-3-030-73671-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics