
Enhancing Robustness of Malware Detection Model Against White Box Adversarial Attacks

Conference paper, in: Distributed Computing and Intelligent Technology (ICDCIT 2023)

Abstract

Deep Neural Networks (DNNs) have made remarkable breakthroughs in several fields such as computer vision and autonomous vehicles. Because of their adaptability to malware evolution, security analysts heavily utilise end-to-end DNNs in malware detection systems. Unfortunately, security threats such as adversarial samples cause these classifiers to output erroneous results. Such adversarial samples pose major security and privacy risks, since a malware detection model will mistakenly label a malware sample as benign. In this paper, we assess the resilience and reliability of our deep learning-based malware detection algorithm. We employed the MalConv architecture for malware detection and classification, trained on the Microsoft Malware Dataset. We used the Fast Gradient Sign Method (FGSM), a white-box gradient-based attack, to generate adversarial samples against our malware detection model. Based on the performance of our model against this attack, we present a comparative study of mitigation techniques, namely adversarial training, ensemble methods and defensive distillation, to analyse how well each addresses the problem at hand. Finally, we propose a novel approach, Iterative Distilled Adversarial Training, that combines two of these defence mechanisms, adversarial training and defensive distillation, to make our model more resilient to adversarial attacks in a white-box setting. As a result, we drastically reduced the FGSM attack success rate by around 75% with only a small increase in training time. Additionally, unlike multi-model defence strategies such as ensemble learning, our technique uses a single architecture while offering stronger defensive capabilities, decreasing the attack success rate by a further 15% relative to such strategies.

R. Singhal and M. Soni contributed equally to this work.



Author information

Corresponding author: Riya Singhal.


Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Singhal, R., Soni, M., Bhatt, S., Khorasiya, M., Jinwala, D.C. (2023). Enhancing Robustness of Malware Detection Model Against White Box Adversarial Attacks. In: Molla, A.R., Sharma, G., Kumar, P., Rawat, S. (eds) Distributed Computing and Intelligent Technology. ICDCIT 2023. Lecture Notes in Computer Science, vol 13776. Springer, Cham. https://doi.org/10.1007/978-3-031-24848-1_13


  • DOI: https://doi.org/10.1007/978-3-031-24848-1_13

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-24847-4

  • Online ISBN: 978-3-031-24848-1

  • eBook Packages: Computer Science (R0)
