Abstract
To detect unknown malware, several methods based on machine learning have been proposed. These methods extract features from malware samples and use them to classify each sample as malicious or benign. Our previous method extracts words from the source code of VBA macros and detects macro malware; it builds a language model, latent semantic indexing (LSI), to extract the features. On the other hand, several methods for evading such detection have been proposed. These methods add benign features to the source code of Android malware, and the same idea can be applied to macro malware. In this study, we discuss the risk of macro malware that evades detection. This paper attempts to make macro malware imitate benign macros by adding benign features to it. Our method extracts the variables from macro malware and replaces them with frequent words of benign macros. Furthermore, our method inserts frequent words that appear in benign macros or in the LSI topics. These words are inserted as the arguments of functions that do not change the main behavior. The target detection model is our previous method, which detects macro malware with two language models: bag of words (BoW) and LSI. The detection rate is evaluated under two conditions: the attacker can or cannot access the inside of the model. As a result, the detection rate with BoW decreases to 1.5% when the attacker can access the inside of the model. Even if the attacker cannot access the inside of the model, the detection rate with LSI decreases by 73%.
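The two transformations described in the abstract, variable renaming and benign-word insertion, can be shown end to end against a small word-count classifier. The following is an added example written for this page, not the authors' code or their detector: the macros are constructed, harmless skeletons; the classifier is a multinomial naive Bayes model over source-code tokens (an assumption standing in for the paper's BoW model); the `Dim x As T` regex, the `RESERVED` word list, and the use of `Len()` on a string literal as the behaviour-neutral padding statement are all choices of this example. It demonstrates the "attacker can access the inside of the model" condition, since the attacker reads word frequencies straight from the training corpus.

```python
"""Toy evasion of a bag-of-words (BoW) VBA macro classifier by renaming
variables to frequent benign words and padding with benign words. The macros
are constructed, harmless skeletons and the classifier is a small multinomial
naive Bayes model written for this example, not the paper's detector."""
import math
import re
from collections import Counter

TOKEN_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
DIM_RE = re.compile(r"^\s*Dim\s+(\w+)\s+As\b", re.IGNORECASE | re.MULTILINE)

# Words never used as replacement identifiers: VBA keywords and common type
# names. This list is an assumption of the example, not taken from the paper.
RESERVED = {
    "sub", "end", "dim", "as", "set", "let", "if", "then", "else", "for", "each",
    "in", "to", "step", "next", "do", "loop", "while", "wend", "with", "call",
    "function", "exit", "true", "false", "new", "nothing", "on", "error", "resume",
    "goto", "select", "case", "byval", "byref", "optional", "private", "public",
    "const", "and", "or", "not", "xor", "mod", "is", "like", "string", "object",
    "long", "double", "integer", "variant", "boolean", "worksheet", "range", "len",
}

# Constructed training corpus: three benign macros, two dropper-like skeletons.
BENIGN_MACROS = [
    'Sub FormatReport()\n Dim ws As Worksheet\n Set ws = ActiveSheet\n'
    ' ws.Range("A1").Font.Bold = True\nEnd Sub',
    'Sub TotalColumn()\n Dim total As Double\n Dim cell As Range\n'
    ' For Each cell In Selection\n total = total + cell.Value\n Next cell\n'
    ' MsgBox total\nEnd Sub',
    'Sub SaveCopy()\n Dim ws As Worksheet\n Dim path As String\n'
    ' path = ThisWorkbook.Path\n ThisWorkbook.SaveCopyAs path & "\\backup.xlsm"\n'
    'End Sub',
]
MALICIOUS_MACROS = [
    'Sub AutoOpen()\n Dim objShell As Object\n Dim strCmd As String\n'
    ' Set objShell = CreateObject("WScript.Shell")\n strCmd = "cmd /c echo test"\n'
    ' objShell.Run strCmd\nEnd Sub',
    'Sub Document_Open()\n Dim objHttp As Object\n Dim strUrl As String\n'
    ' Set objHttp = CreateObject("MSXML2.XMLHTTP")\n strUrl = "http://example.invalid/x"\n'
    ' objHttp.Open "GET", strUrl\nEnd Sub',
]
# The (harmless) sample the attacker wants classified as benign; strCmd is
# deliberately left undeclared, as macros without Option Explicit allow.
TARGET = ('Sub AutoOpen()\n Dim objShell As Object\n'
          ' Set objShell = CreateObject("WScript.Shell")\n strCmd = "notepad.exe"\n'
          ' objShell.Run strCmd\nEnd Sub')


def tokens(src):
    """BoW tokenisation of VBA source: identifiers and words, lower-cased.
    Words inside string literals count too, which is what lets padding work."""
    return [t.lower() for t in TOKEN_RE.findall(src)]


class BowNaiveBayes:
    """Multinomial naive Bayes over token counts with add-one smoothing and
    equal class priors; tokens never seen in training carry no evidence."""

    def __init__(self, benign, malicious):
        self.ben = Counter(t for m in benign for t in tokens(m))
        self.mal = Counter(t for m in malicious for t in tokens(m))
        self.vocab = set(self.ben) | set(self.mal)
        self.n_ben = sum(self.ben.values())
        self.n_mal = sum(self.mal.values())

    def score(self, src):
        """log P(tokens|malicious) - log P(tokens|benign); > 0 means malicious."""
        v, s = len(self.vocab), 0.0
        for t in tokens(src):
            if t not in self.vocab:
                continue
            p_mal = (self.mal[t] + 1) / (self.n_mal + v)
            p_ben = (self.ben[t] + 1) / (self.n_ben + v)
            s += math.log(p_mal / p_ben)
        return s

    def classify(self, src):
        return "malicious" if self.score(src) > 0 else "benign"


def frequent_benign_words(model, exclude=()):
    """Benign-corpus words by descending frequency, skipping reserved words and
    anything in `exclude`; ties broken alphabetically so the output is stable."""
    skip = RESERVED | set(exclude)
    ranked = sorted(model.ben.items(), key=lambda kv: (-kv[1], kv[0]))
    return [t for t, _ in ranked if t not in skip]


def rename_variables(src, model):
    """Step 1: replace each `Dim x As T` variable with a frequent benign word that
    does not already occur in the macro. Multi-variable Dim lines are not handled."""
    pool = frequent_benign_words(model, exclude=tokens(src))
    out = src
    for name, new in zip(DIM_RE.findall(src), pool):
        out = re.sub(r"\b%s\b" % re.escape(name), new, out, flags=re.IGNORECASE)
    return out


def pad_with_benign_words(src, model, n_words=5):
    """Step 2: insert frequent benign words as the argument of Len(), a pure
    function whose result lands in an unused variable, so behaviour is unchanged."""
    words = frequent_benign_words(model)[:n_words]
    pad = ' Dim padding As Long: padding = Len("%s")' % " ".join(words)
    lines = src.split("\n")
    for i, line in enumerate(lines):  # right after the procedure header
        if re.match(r"\s*(Sub|Function)\b", line, re.IGNORECASE):
            lines.insert(i + 1, pad)
            break
    return "\n".join(lines)


def evade(src, model, n_words=5):
    return pad_with_benign_words(rename_variables(src, model), model, n_words)


MODEL = BowNaiveBayes(BENIGN_MACROS, MALICIOUS_MACROS)


def demo():
    """Score the target at each stage; returns (original, renamed, evaded)."""
    renamed = rename_variables(TARGET, MODEL)
    return MODEL.score(TARGET), MODEL.score(renamed), MODEL.score(evade(TARGET, MODEL))


if __name__ == "__main__":
    for stage, s in zip(("original", "renamed", "renamed+padded"), demo()):
        print(f"{stage:15s} score={s:+.2f} -> {'malicious' if s > 0 else 'benign'}")
    print(evade(TARGET, MODEL))
```

On this constructed corpus, renaming the one declared variable lowers the score but leaves the sample on the malicious side, and five padded benign words push it over to benign while `CreateObject` and `Run` remain in the source. The check a defender would want to run against such a transform is the one this model lacks: features that survive renaming and padding, such as the called API names or the LSI topic structure the paper reports as more robust.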
© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
Yamamoto, R., Mimura, M. (2022). On the Possibility of Evasion Attacks with Macro Malware. In: Ranganathan, G., Fernando, X., Shi, F., El Allioui, Y. (eds) Soft Computing for Security Applications . Advances in Intelligent Systems and Computing, vol 1397. Springer, Singapore. https://doi.org/10.1007/978-981-16-5301-8_4
DOI: https://doi.org/10.1007/978-981-16-5301-8_4
Publisher Name: Springer, Singapore
Print ISBN: 978-981-16-5300-1
Online ISBN: 978-981-16-5301-8