Black-Box Evasion Attack Method Based on Confidence Score of Benign Samples-Reference-Cited by-同舟云学术

Black-Box Evasion Attack Method Based on Confidence Score of Benign Samples

Published:2023-05-23 Issue:11 Volume:12 Page:2346
ISSN:2079-9292
Container-title:Electronics
language:en
Short-container-title:Electronics

Author:

Wu Shaohan¹^ORCID,Xue Jingfeng¹,Wang Yong¹^ORCID,Kong Zixiao¹^ORCID

Affiliation:

1. School of Computer Science and Technology, Beijing Institute of Technology, Beijing 100081, China

Abstract

Recently, malware detection models based on deep learning have gradually replaced manual analysis as the first line of defense for anti-malware systems. However, it has been shown that these models are vulnerable to a specific class of inputs called adversarial examples. It is possible to evade the detection model by adding some carefully crafted tiny perturbations to the malicious samples without changing the sample functions. Most of the adversarial example generation methods ignore the information contained in the detection results of benign samples from detection models. Our method extracts sequence fragments called benign payload from benign samples based on detection results and uses an RNN generative model to learn benign features embedded in these sequences. Then, we use the end of the original malicious sample as input to generate an adversarial perturbation that reduces the malicious probability of the sample and append it to the end of the sample to generate an adversarial sample. According to different adversarial scenarios, we propose two different generation strategies, which are the one-time generation method and the iterative generation method. Under different query times and append scale constraints, the maximum evasion success rate can reach 90.8%.

Funder

Major Scientific and Technological Innovation Projects of Shandong Province

National Natural Science Foundation of China

National Key Research & Development Program of China

Publisher

MDPI AG

Subject

Electrical and Electronic Engineering,Computer Networks and Communications,Hardware and Architecture,Signal Processing,Control and Systems Engineering

Link

https://www.mdpi.com/2079-9292/12/11/2346/pdf

Reference45 articles.

1. Szegedy, C., Zaremba, W., Sutskever, I., Bruna, J., Erhan, D., Goodfellow, I., and Fergus, R. (2014, January 14–16). Intriguing properties of neural networks. Proceedings of the International Conference on Learning Representations (ICLR), Banff, AB, Canada.

2. Raff, E., Barker, J., Sylvester, J., Brandon, R., Catanzaro, B., and Nicholas, C. (2018, January 2–3). Malware detection by eating a whole EXE. Proceedings of the 32nd AAAI Workshops, New Orleans, LA, USA.

3. Peering Inside the PE: A Tour of the win32 (R) Portable Executable File Format;Pietrek;Microsoft Syst. J.,1994

4. Nataraj, L., Karthikeyan, S., Jacob, G., and Manjunath, B. (2011, January 20). Malware images: Visualization and automatic classification. Proceedings of the 8th International Symposium on Visualization for Cyber Security, Pittsburgh, PA, USA.

5. Simonyan, K., and Zisserman, A. (2014). Very deep convolutional networks for large-scale image recognition. arXiv.