TY - GEN
T1 - Adversarial malware binaries
T2 - 26th European Signal Processing Conference, EUSIPCO 2018
AU - Kolosnjaji, Bojan
AU - Demontis, Ambra
AU - Biggio, Battista
AU - Maiorca, Davide
AU - Giacinto, Giorgio
AU - Eckert, Claudia
AU - Roli, Fabio
N1 - Publisher Copyright:
© EURASIP 2018.
PY - 2018/11/29
Y1 - 2018/11/29
N2 - Machine learning has already been exploited as a useful tool for detecting malicious executable files. Data retrieved from malware samples, such as header fields, instruction sequences, or even raw bytes, is leveraged to learn models that discriminate between benign and malicious software. However, it has also been shown that machine learning and deep neural networks can be fooled by evasion attacks (also known as adversarial examples), i.e., small changes to the input data that cause misclassification at test time. In this work, we investigate the vulnerability of malware detection methods that use deep networks to learn from raw bytes. We propose a gradient-based attack that is capable of evading a recently-proposed deep network suited to this purpose by only changing few specific bytes at the end of each malware sample, while preserving its intrusive functionality. Promising results show that our adversarial malware binaries evade the targeted network with high probability, even though less than 1% of their bytes are modified.
AB - Machine learning has already been exploited as a useful tool for detecting malicious executable files. Data retrieved from malware samples, such as header fields, instruction sequences, or even raw bytes, is leveraged to learn models that discriminate between benign and malicious software. However, it has also been shown that machine learning and deep neural networks can be fooled by evasion attacks (also known as adversarial examples), i.e., small changes to the input data that cause misclassification at test time. In this work, we investigate the vulnerability of malware detection methods that use deep networks to learn from raw bytes. We propose a gradient-based attack that is capable of evading a recently-proposed deep network suited to this purpose by only changing few specific bytes at the end of each malware sample, while preserving its intrusive functionality. Promising results show that our adversarial malware binaries evade the targeted network with high probability, even though less than 1% of their bytes are modified.
UR - https://www.scopus.com/pages/publications/85058628512
U2 - 10.23919/EUSIPCO.2018.8553214
DO - 10.23919/EUSIPCO.2018.8553214
M3 - Conference contribution
AN - SCOPUS:85058628512
T3 - European Signal Processing Conference
SP - 533
EP - 537
BT - 2018 26th European Signal Processing Conference, EUSIPCO 2018
PB - European Signal Processing Conference, EUSIPCO
Y2 - 3 September 2018 through 7 September 2018
ER -