Computer Science ›› 2021, Vol. 48 ›› Issue (5): 60-67. doi: 10.11896/jsjkx.200300127

• Computer Software

Black-box Adversarial Attack Method Towards Malware Detection

CHEN Jin-yin, ZOU Jian-fei, YUAN Jun-kun, YE Lin-hui

  1. School of Information Engineering, Zhejiang University of Technology, Hangzhou 310023, China
  • Received: 2020-03-23 Revised: 2020-08-28 Online: 2021-05-15 Published: 2021-05-09
  • Corresponding author: CHEN Jin-yin (chenjinyin@zjut.edu.cn)
  • About author: CHEN Jin-yin, born in 1982, Ph.D., associate professor. Her main research interests include artificial intelligence security, data mining and intelligent computing.
  • Supported by:
    Major Special Funding for "Science and Technology Innovation 2025" of Ningbo, China (2018B10063).

Abstract: Deep learning methods have been widely used in malware detection and achieve good prediction accuracy. However, deep neural networks are vulnerable to adversarial attacks that add subtle perturbations to the input data, causing the model to output incorrect predictions and thereby defeating malware detection. To study the security of deep-learning-based malware detection, this paper proposes a black-box adversarial attack method against malware detection models. First, on the premise that the internal structure and parameters of the detection model are completely unknown, a generative adversarial network is used to generate adversarial malware examples. Then, the generated adversarial examples are made to be classified as a pre-set target type, achieving a targeted attack and thus evading malware detection. Finally, experiments on the malware dataset from the Kaggle competition verify the effectiveness of the proposed black-box attack method. Furthermore, the generated adversarial examples also succeed against other malware detection methods, which verifies the strong attack transferability of the proposed method.

Key words: Adversarial attack, Black-box attack, Deep learning, Generative adversarial network, Malware detection

CLC Number:

  • TP391