Chia-Min Lai
ABSTRACT
As the worldwide internet has non-stop developments, it comes with enormous amount automatically generated malware. Those malware had become huge threaten to computer users. A comprehensive malware family classifier can help security researchers to quickly identify characteristics of malware which help malware analysts to investigate in more efficient way. However, despite the assistance of the artificial intelligent (AI) classifiers, it has been shown that the AI-based classifiers are vulnerable to so-called adversarial attacks. In this paper, we demonstrate how the adversarial settings can be applied to the classifier of malware families classification. Our experimental results achieved high successful rate through the adversarial attack. We also find the important features which are ignored by malware analysts but useful in the future analysis.
- G. E. Dahl, J. W. Stokes, L. Deng, and D. Yu, "Large-scale malware classification using random projections and neural networks," in Acoustics, Speech and Signal Processing (ICASSP), 2013 IEEE International Conference on, pp. 3422--3426, IEEE, 2013.Google Scholar
Cross Ref
- I. J. Goodfellow, J. Shlens, and C. Szegedy, "Explaining and harnessing adversarial examples," arXiv preprint arXiv:1412.6572, 2014.Google Scholar
- N. Papernot, P. McDaniel, S. Jha, M. Fredrikson, Z. B. Celik, and A. Swami, "The limitations of deep learning in adversarial settings," in Security and Privacy (EuroS&P), 2016 IEEE European Symposium on, pp. 372--387, IEEE, 2016.Google Scholar
- "Microsoft Malware Classification Challenge (BIG 2015)." https://www.kaggle.com/c/malware-classification.Google Scholar
- M. Egele, T. Scholte, E. Kirda, and C. Kruegel, "A survey on automated dynamic malware-analysis techniques and tools," ACM Computing Surveys, vol. 44, pp. 1--12, Feb. 2012. Google ScholarDigital Library
- A. Damodaran, F. Di Troia, C. A. Visaggio, T. H. Austin, and M. Stamp, "A comparison of static, dynamic, and hybrid analysis for malware detection," Journal of Computer Virology and Hacking Techniques, vol. 13, no. 1, pp. 1--12, 2017.Google ScholarCross Ref
- X. Wang and S. M. Yiu, "A multi-task learning model for malware classification with useful file access pattern from API call sequence," arXiv preprint arXiv:1610.05945, 2016.Google Scholar
- W. S. McCulloch and W. Pitts, "A logical calculus of the ideas immanent in nervous activity," Bulletin of mathematical biology, vol. 52, no. 1, pp. 99--115, 1990.Google ScholarCross Ref
- Y. Lecun, L. Bottou, Y. Bengio, and P. Haffner, "Gradient-based learning applied to document recognition," Proceedings of the IEEE, vol. 86, pp. 2278--2324, Nov. 1998.Google ScholarCross Ref
- A. Krizhevsky, I. Sutskever, and G. E. Hinton, "Imagenet classification with deep convolutional neural networks," in Advances in neural information processing systems, pp. 1097--1105, 2012. Google ScholarDigital Library
- C. Szegedy, W. Liu, Y. Jia, P. Sermanet, S. Reed, D. Anguelov, D. Erhan, V. Vanhoucke, and A. Rabinovich, "Going deeper with convolutions," pp. 1--9, June 2015.Google Scholar
- D. Silver, A. Huang, C. J. Maddison, A. Guez, L. Sifre, G. van den Driessche, J. Schrittwieser, I. Antonoglou, V. Panneershelvam, M. Lanctot, S. Dieleman, D. Grewe, J. Nham, N. Kalchbrenner, I. Sutskever, T. Lillicrap, M. Leach, K. Kavukcuoglu, T. Graepel, and D. Hassabis, "Mastering the game of Go with deep neural networks and tree search," Nature, vol. 529, pp. 484--489, Jan. 2016.Google ScholarCross Ref
- R. S. Sutton, D. A. McAllester, S. P. Singh, and Y. Mansour, "Policy gradient methods for reinforcement learning with function approximation," in Advances in neural information processing systems, pp. 1057--1063, 2000. Google ScholarDigital Library
- R. Coulom, "Efficient Selectivity and Backup Operators in Monte-Carlo Tree Search," in Proceedings of the 5th International Conference on Computers and Games, CG'06, (Berlin, Heidelberg), pp. 72--83, Springer-Verlag, 2007. Google ScholarDigital Library
- D. Ciregan, U. Meier, and J. Schmidhuber, "Multi-column deep neural networks for image classification," in 2012 IEEE Conference on Computer Vision and Pattern Recognition, pp. 3642--3649, June 2012. Google ScholarDigital Library
- N. Papernot, P. McDaniel, I. Goodfellow, S. Jha, Z. B. Celik, and A. Swami, "Practical Black-Box Attacks against Machine Learning," pp. 506--519, ACM Press, 2017. Google ScholarDigital Library
- B. Biggio, G. Fumera, and F. Roli, "Pattern recognition systems under attack: Design issues and research challenges," International Journal of Pattern Recognition and Artificial Intelligence, vol. 28, no. 07, p. 1460002, 2014.Google ScholarCross Ref
- L. Huang, A. D. Joseph, B. Nelson, B. I. Rubinstein, and J. D. Tygar, "Adversarial machine learning," in Proceedings of the 4th ACM workshop on Security and artificial intelligence, pp. 43--58, ACM, 2011. Google ScholarDigital Library
- I. Goodfellow, N. Papernot, and P. McDaniel, "cleverhans v0. 1: an adversarial machine learning library," arXiv preprint arXiv:1610.00768, 2016.Google Scholar
- K. Simonyan, A. Vedaldi, and A. Zisserman, "Deep inside convolutional networks: Visualising image classification models and saliency maps," CoRR, vol. abs/1312.6034, 2013.Google Scholar
- "VirTool:Win32/Obfuscator.ACY threat description - Windows Defender Security Intelligence."Google Scholar
Index Terms
- Implementation of adversarial scenario to malware analytic
Recommendations
The Detection of 8 Type Malware botnet using Hybrid Malware Analysis in Executable File Windows Operating Systems
ICEC '15: Proceedings of the 17th International Conference on Electronic Commerce 2015Nowadays a lot of botnet are being used for the purpose of cybercrime such as distributed denial of services (DDos) or information stealing. Botnet is a collection of computers connected through Internet that has been taken over by an attacker using ...
Malware Detection by Static Checking and Dynamic Analysis of Executables
The advanced malware continue to be a challenge in digital world that signature-based detection techniques fail to conquer. The malware use many anti-detection techniques to mutate. Thus no virus scanner can claim complete malware detection even for ...
The rise of malware
Malicious software (malware) is a computer program designed to create harmful and undesirable effects. It considered as one of the many dangerous threats for Internet users. Rootkit, botnet, worm, spyware and Trojan horse are the most common types of ...
Comments