Abstract
As machine learning technology continues to advance rapidly, an increasing number of researchers are utilizing it in the field of malware detection. Despite the fact that learning-based malware detection systems (LB-MDS) outperform traditional feature-based detection methods in terms of both performance and detection speed, recent research has shown that they are susceptible to attacks from adversarial examples. However, the adversarial examples generated thus far have only been effective against individual LB-MDS and have not been able to simultaneously attack multiple LB-MDS.
In this paper, we propose a black-box adversarial attack framework called Multi-Target Malware Generation (MTMG), which leverages reinforcement learning to simultaneously attack multiple LB-MDS. MTMG selects the obfuscation method and its corresponding parameters from the action space based on the observed state of the malware, and then applies them to generate adversarial examples that deceive multiple LB-MDS. Our results indicate that when simultaneously attacking multiple LB-MDS, including EMBER, MalConv, and six commercial antivirus software, MTMG significantly outperforms the state-of-the-art (SOTA) works, achieving an impressive attack success rate over 82%, while the SOTA works achieve a success rate of less than 6%.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Avast 2018. ai & machine learning (2018). https://www.avast.com/en-us/technology/aiand-machine-learning
Machine learning static evasion competition 2019 (2019). https://github.com/endgameinc/malware_evasion_competition
The best antivirus protection (2020). https://www.pcmag.com/picks/thebest-antivirus-protection
Al-Dujaili, A., Huang, A., Hemberg, E., OReilly, U.M.: Adversarial deep learning for robust detection of binary encoded malware, pp. 76–82, May 2018. https://doi.org/10.1109/SPW.2018.00020
Anderson, H.S., Roth, P.: EMBER: An Open Dataset for Training Static PE Malware Machine Learning Models. ArXiv e-prints, April 2018
Anderson, H., Kharkar, A., Filar, B., Evans, D., Roth, P.: Learning to evade static pe machine learning malware models via reinforcement learning, January 2018
Han, J., et al.: Once a MAN: towards multi-target attack via learning multi-target adversarial network once. In: ICCV 2019, pp. 5157–5166. IEEE (2019). https://doi.org/10.1109/ICCV.2019.00526
Jia, L., et al.: Funcfooler: a practical black-box attack against learning-based binary code similarity detection methods (2022). https://doi.org/10.48550/ARXIV.2208.14191. https://arxiv.org/abs/2208.14191
Jia, L., Yang, Y., Tang, B., Jiang, Z.: Ermds: a obfuscation dataset for evaluating robustness of learning-based malware detection system. BenchCouncil Trans. Benchmarks Stand. Eval. 3(1), 100106 (2023). https://doi.org/10.1016/j.tbench.2023.100106
Ko, K., Kim, S., Kwon, H.: Multi-targeted audio adversarial example for use against speech recognition systems. Comput. Secur. 128(C), May 2023. https://doi.org/10.1016/j.cose.2023.103168
Mingxing, D., Li, K., Xie, L., Tian, Q., Xiao, B.: Towards multiple black-boxes attack via adversarial example generation network. In: Proceedings of the 29th ACM International Conference on Multimedia, pp. 264–272 (2021)
Raff, E., Barker, J., Sylvester, J., Brandon, R., Catanzaro, B., Nicholas, C.K.: Malware detection by eating a whole exe. ArXiv abs/1710.09435 (2017)
Song, W., Li, X., Afroz, S., Garg, D., Kuznetsov, D., Yin, H.: Mab-malware: a reinforcement learning framework for blackbox generation of adversarial malware, ASIA CCS 2022, pp. 990–1003 (2022). https://doi.org/10.1145/3488932.3497768
Team., M.D.A.R.: New machine learning model sifts through the good to unearth the bad in evasive malware (2019). https://www.microsoft.com/security/blog/2019/07/25/new-machine-learning-model-sifts-through-the-good-to-unearth-the-bad-in-evasive-malware/
Wang, Z., Schaul, T., Hessel, M., Hasselt, H., Lanctot, M., Freitas, N.: Dueling network architectures for deep reinforcement learning. In: International Conference on Machine Learning, pp. 1995–2003. PMLR (2016)
Yang, C., et al.: DeepMal: maliciousness-Preserving adversarial instruction learning against static malware detection. Cybersecurity 4(1), 1–14 (2021). https://doi.org/10.1186/s42400-021-00079-5
Zhong, F., Cheng, X., Yu, D., Gong, B., Song, S., Yu, J.: Malfox: camouflaged adversarial malware example generation based on c-gans against black-box detectors. ArXiv abs/2011.01509 (2020)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Jia, L. et al. (2024). MTMG: A Framework for Generating Adversarial Examples Targeting Multiple Learning-Based Malware Detection Systems. In: Liu, F., Sadanandan, A.A., Pham, D.N., Mursanto, P., Lukose, D. (eds) PRICAI 2023: Trends in Artificial Intelligence. PRICAI 2023. Lecture Notes in Computer Science(), vol 14325. Springer, Singapore. https://doi.org/10.1007/978-981-99-7019-3_24
Download citation
DOI: https://doi.org/10.1007/978-981-99-7019-3_24
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-7018-6
Online ISBN: 978-981-99-7019-3
eBook Packages: Computer ScienceComputer Science (R0)