Adversarial sample generation technology of malicious code based on LIME

Cited by: 0
Authors
Huang T. [1]
Li C. [1]
Liu Y. [1]
Li D. [1]
Wen W. [1]
Affiliation
[1] School of Software & Microelectronics, Peking University, Beijing
Funding
National Natural Science Foundation of China
Keywords
Adversarial samples; Local interpretable model-agnostic explanations (LIME); Machine learning; Malicious code; Target classifiers;
DOI
10.13700/j.bh.1001-5965.2020.0397
Abstract
Based on research into and analysis of machine learning techniques for detecting malicious code, a black-box adversarial example generation method based on local interpretable model-agnostic explanations (LIME) is proposed. It generates adversarial samples for any black-box malicious code classifier and bypasses detection by machine learning models. The method uses a simple model to simulate the target classifier's local behavior, obtains the feature weights, and generates disturbances through the disturbance algorithm. According to the generated disturbances, the method modifies the original malicious code to generate adversarial samples. We test the method using Microsoft's common malicious sample data from 2015 and benign sample data collected from more than 50 suppliers: 18 target classifiers based on different algorithms or features were implemented with reference to common malicious code classifiers. Their true positive rates were reduced to approximately zero when we attacked them using the method. Two advanced black-box sample generation methods, MalGAN and ZOO, were reproduced for comparison with this method. The experimental results show that the proposed method can effectively generate adversarial samples, and that it has several strengths, including broad applicability, flexible control of disturbances, and soundness. © 2022, Editorial Board of JBUAA. All rights reserved.
Pages: 331-338
Page count: 7
Related papers
25 items in total
  • [1] ALAZAB M., Automated malware detection in mobile app stores based on robust feature generation[J], Electronics, 9, 3, (2020)
  • [2] SAXE J, BERLIN K., Deep neural network based malware detection using two dimensional binary program features, 2015 10th International Conference on Malicious and Unwanted Software (MALWARE), pp. 11-20, (2015)
  • [3] PASCANU R, STOKES J W, SANOSSIAN H, Et al., Malware classification with recurrent networks, 2015 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), pp. 1916-1920, (2015)
  • [4] HUANG W Y, STOKES J W., MtNet:A multi-task neural network for dynamic malware classification[C], International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment(DIMVA), pp. 399-418, (2016)
  • [5] KOLOSNJAJI B, ZARRAS A, WEBSTER G, Et al., Deep learning for classification of malware system call sequences, Australasian Joint Conference on Artificial Intelligence, pp. 137-149, (2016)
  • [6] SCHULTZ M G, ESKIN E, ZADOK F, Et al., Data mining methods for detection of new malicious executables, Proceedings 2001 IEEE Symposium on Security and Privacy, pp. 38-49, (2000)
  • [7] KOLTER J Z, MALOOF M A., Learning to detect malicious executables in the wild, Proceedings of the 2004 ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 470-478, (2004)
  • [8] KOLTER J Z, MALOOF M A., Learning to detect and classify malicious executables in the wild[J], Journal of Machine Learning Research, 7, 4, pp. 2721-2744, (2006)
  • [9] RIBEIRO M T, SINGH S, GUESTRIN C., "Why should I trust You?": Explaining the predictions of any classifier, Proceedings of the 2016 ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 1135-1144, (2016)
  • [10] SU D, ZHANG H, CHEN H G, Et al., Is robustness the cost of accuracy? A comprehensive study on the robustness of 18 deep image classification models[C], Computer Vision-ECCV 2018, pp. 644-661, (2018)