Skip to main content

MTMG: A Framework for Generating Adversarial Examples Targeting Multiple Learning-Based Malware Detection Systems

  • Conference paper
  • First Online:
PRICAI 2023: Trends in Artificial Intelligence (PRICAI 2023)

Part of the book series: Lecture Notes in Computer Science ((LNAI,volume 14325))

Included in the following conference series:

  • 1024 Accesses

Abstract

As machine learning technology continues to advance rapidly, an increasing number of researchers are utilizing it in the field of malware detection. Despite the fact that learning-based malware detection systems (LB-MDS) outperform traditional feature-based detection methods in terms of both performance and detection speed, recent research has shown that they are susceptible to attacks from adversarial examples. However, the adversarial examples generated thus far have only been effective against individual LB-MDS and have not been able to simultaneously attack multiple LB-MDS.

In this paper, we propose a black-box adversarial attack framework called Multi-Target Malware Generation (MTMG), which leverages reinforcement learning to simultaneously attack multiple LB-MDS. MTMG selects the obfuscation method and its corresponding parameters from the action space based on the observed state of the malware, and then applies them to generate adversarial examples that deceive multiple LB-MDS. Our results indicate that when simultaneously attacking multiple LB-MDS, including EMBER, MalConv, and six commercial antivirus software, MTMG significantly outperforms the state-of-the-art (SOTA) works, achieving an impressive attack success rate over 82%, while the SOTA works achieve a success rate of less than 6%.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Avast 2018. ai & machine learning (2018). https://www.avast.com/en-us/technology/aiand-machine-learning

  2. Machine learning static evasion competition 2019 (2019). https://github.com/endgameinc/malware_evasion_competition

  3. The best antivirus protection (2020). https://www.pcmag.com/picks/thebest-antivirus-protection

  4. Al-Dujaili, A., Huang, A., Hemberg, E., OReilly, U.M.: Adversarial deep learning for robust detection of binary encoded malware, pp. 76–82, May 2018. https://doi.org/10.1109/SPW.2018.00020

  5. Anderson, H.S., Roth, P.: EMBER: An Open Dataset for Training Static PE Malware Machine Learning Models. ArXiv e-prints, April 2018

    Google Scholar 

  6. Anderson, H., Kharkar, A., Filar, B., Evans, D., Roth, P.: Learning to evade static pe machine learning malware models via reinforcement learning, January 2018

    Google Scholar 

  7. Han, J., et al.: Once a MAN: towards multi-target attack via learning multi-target adversarial network once. In: ICCV 2019, pp. 5157–5166. IEEE (2019). https://doi.org/10.1109/ICCV.2019.00526

  8. Jia, L., et al.: Funcfooler: a practical black-box attack against learning-based binary code similarity detection methods (2022). https://doi.org/10.48550/ARXIV.2208.14191. https://arxiv.org/abs/2208.14191

  9. Jia, L., Yang, Y., Tang, B., Jiang, Z.: Ermds: a obfuscation dataset for evaluating robustness of learning-based malware detection system. BenchCouncil Trans. Benchmarks Stand. Eval. 3(1), 100106 (2023). https://doi.org/10.1016/j.tbench.2023.100106

    Article  Google Scholar 

  10. Ko, K., Kim, S., Kwon, H.: Multi-targeted audio adversarial example for use against speech recognition systems. Comput. Secur. 128(C), May 2023. https://doi.org/10.1016/j.cose.2023.103168

  11. Mingxing, D., Li, K., Xie, L., Tian, Q., Xiao, B.: Towards multiple black-boxes attack via adversarial example generation network. In: Proceedings of the 29th ACM International Conference on Multimedia, pp. 264–272 (2021)

    Google Scholar 

  12. Raff, E., Barker, J., Sylvester, J., Brandon, R., Catanzaro, B., Nicholas, C.K.: Malware detection by eating a whole exe. ArXiv abs/1710.09435 (2017)

    Google Scholar 

  13. Song, W., Li, X., Afroz, S., Garg, D., Kuznetsov, D., Yin, H.: Mab-malware: a reinforcement learning framework for blackbox generation of adversarial malware, ASIA CCS 2022, pp. 990–1003 (2022). https://doi.org/10.1145/3488932.3497768

  14. Team., M.D.A.R.: New machine learning model sifts through the good to unearth the bad in evasive malware (2019). https://www.microsoft.com/security/blog/2019/07/25/new-machine-learning-model-sifts-through-the-good-to-unearth-the-bad-in-evasive-malware/

  15. Wang, Z., Schaul, T., Hessel, M., Hasselt, H., Lanctot, M., Freitas, N.: Dueling network architectures for deep reinforcement learning. In: International Conference on Machine Learning, pp. 1995–2003. PMLR (2016)

    Google Scholar 

  16. Yang, C., et al.: DeepMal: maliciousness-Preserving adversarial instruction learning against static malware detection. Cybersecurity 4(1), 1–14 (2021). https://doi.org/10.1186/s42400-021-00079-5

    Article  MathSciNet  Google Scholar 

  17. Zhong, F., Cheng, X., Yu, D., Gong, B., Song, S., Yu, J.: Malfox: camouflaged adversarial malware example generation based on c-gans against black-box detectors. ArXiv abs/2011.01509 (2020)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Zihan Jiang .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Jia, L. et al. (2024). MTMG: A Framework for Generating Adversarial Examples Targeting Multiple Learning-Based Malware Detection Systems. In: Liu, F., Sadanandan, A.A., Pham, D.N., Mursanto, P., Lukose, D. (eds) PRICAI 2023: Trends in Artificial Intelligence. PRICAI 2023. Lecture Notes in Computer Science(), vol 14325. Springer, Singapore. https://doi.org/10.1007/978-981-99-7019-3_24

Download citation

  • DOI: https://doi.org/10.1007/978-981-99-7019-3_24

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-99-7018-6

  • Online ISBN: 978-981-99-7019-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics