Computer Science ›› 2021, Vol. 48 ›› Issue (5): 60-67. doi: 10.11896/jsjkx.200300127

• Computer Software

Black-box Adversarial Attack Method Towards Malware Detection

CHEN Jin-yin, ZOU Jian-fei, YUAN Jun-kun, YE Lin-hui

  1. School of Information Engineering, Zhejiang University of Technology, Hangzhou 310023, China
  • Received: 2020-03-23 Revised: 2020-08-28 Online: 2021-05-15 Published: 2021-05-09
  • Corresponding author: CHEN Jin-yin (chenjinyin@zjut.edu.cn)
  • About author: CHEN Jin-yin, born in 1982, Ph.D., associate professor. Her main research interests include artificial intelligence security, data mining and intelligent computing.
  • Supported by:
    Major Special Funding for "Science and Technology Innovation 2025" of Ningbo, China (2018B10063).

Abstract: Deep learning methods have been widely used in malware detection and achieve good prediction accuracy. However, deep neural networks are vulnerable to adversarial attacks that add subtle perturbations to the input data, causing the model to output incorrect predictions and thereby defeating malware detection. Addressing the security of deep-learning-based malware detection, this paper proposes a black-box adversarial attack method against malware detection models. First, with the internal structure and parameters of the detection model completely unknown, a generative adversarial network is used to generate malware samples. Then, the generated adversarial examples are made to be identified as a pre-set target type, achieving a targeted attack and thereby evading malware detection. Finally, experiments on the Kaggle competition malware dataset verify the effectiveness of the proposed black-box attack method. Furthermore, the generated adversarial examples also successfully attack other malware detection methods, which verifies the strong attack transferability of the method.

Key words: Malware detection, Deep learning, Generative adversarial network, Adversarial attack, Black-box attack

CLC Number:

  • TP391