计算机科学 ›› 2023, Vol. 50 ›› Issue (7): 325-331.doi: 10.11896/jsjkx.220800176
李坤1, 郭威1, 张帆1, 杜加玉2, 杨梅樾2
LI Kun1, GUO Wei1, ZHANG Fan1, DU Jiayu2, YANG Meiyue2
摘要: 近年来,随着互联网技术的发展,恶意软件成为网络攻击的重要手段。为防御恶意软件攻击,可以将深度学习技术应用于恶意软件检测。然而,由于深度学习模型自身的局限性,基于深度学习的恶意软件检测模型容易受到恶意软件对抗样本的攻击,导致恶意软件对抗样本逃逸模型检测。通过研究恶意软件对抗样本的生成,可以帮助模型设计者改进模型设计、提升模型鲁棒性和防御能力。因此,针对基于灰度图的恶意软件检测模型,提出一种基于遗传算法的恶意软件对抗样本生成方法。该方法通过遗传算法优化扰动,再结合混淆操作向恶意软件中注入扰动,从而保证生成的恶意软件对抗样本具有对抗性、可执行性和恶意性。经实验验证,相比现有工作,所提方法生成的对抗样本攻击成功率平均提高56.4%。
中图分类号:
[1]GIRSHICK R,DONAHUE J,DARRELL T,et al.Rich feature hierarchies for accurate object detection and semantic segmentation[C]//Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition.2014:580-587. [2]HOCHREITER S,SCHMIDHUBER J.Long short-term memory[J].Neural Computation,1997,9(8):1735-1780. [3]WANG J,ZHANG C,QI X,et al.A Survey of Intelligent Malware Detection on Windows Platform [J].Journal of Computer Research and Development,2021,58(5):977-994. [4]CUI Z,XUE F,CAI X,et al.Detection of malicious code va-riants based on deep learning[J].IEEE Transactions on Industrial Informatics,2018,14(7):3187-3196. [5]SZEGEDY C,ZAREMBA W,SUTSKEVER I,et al.Intriguing properties of neural networks[J].arXiv:1312.6199,2013. [6]GROSSE K,PAPERNOT N,MANOHARAN P,et al.Adver-sarial perturbations against deep neural networks for malware classification[J].arXiv:1606.04435,2016. [7]CHEN J,ZOU J,YUAN J,et al.Black-box Adversarial Attack Method Towards Malware Detection [J].Computer Science,2021,48(5):60-67. [8]XIAO M,GUO C,SHEN G,et al.Adversarial Example Remaining Availability and Functionality [J].Journal of Frontiers of Computer Science and Technology,2022,16(10):2286-2297. [9]KHORMALI A,ABUSNAINA A,CHEN S,et al.COPYCAT,practical adversarial attackson visualization-based malware detection[J].arXiv:1909.09735,2019. [10]NATARAJ L,KARTHIKEYAN S,JACOB G,et al.Malware images,visualization and automatic classification[C]//Procee-dings of the 8th International Symposium on Visualization for Cyber Security.2011:1-7. [11]LIU X,ZHANG J,LIN Y,et al.ATMPA,attacking machine learning-based malware visualization detection methods via adversarial examples[C]//2019 IEEE/ACM 27th International Symposium on Quality of Service(IWQoS).IEEE,2019:1-10. [12]GOODFELLOW I J,SHLENS J,SZEGEDY C.Explaining and harnessing adversarial examples[J].arXiv:1412.6572,2014. [13]CARLINI N,WAGNER D.Towards evaluating the robustness of neural networks[C]//2017 IEEE Symposium on Security and Privacy(SP).IEEE,2017:39-57. [14]GOODFELLOW I,POUGET-ABADIE J,MIRZA M,et al.Ge-nerative adversarial networks[J].Communications of the ACM,2020,63(11):139-144. [15]BENKRAOUDA H,QIAN J,TRAN H Q,et al.Attacks on Vi-sualization-Based Malware Detection,Balancing Effectiveness and Executability[C]//International Workshop on Deployable Machine Learning for Security Defense.Cham:Springer,2021:107-131. [16]DAS S,SUGANTHAN P N.Differential evolution,A survey of the state-of-the-art[J].IEEE Transactions on Evolutionary Computation,2010,15(1):4-31. [17]geatpy.The genetic and evolutionary algorithm toolbox with high performance in python[EB/OL].http://www.geatpy.com/. [18]Microsoft Inc.PE Format [EB/OL].https://docs.microsoft.com/en-us/windows/win32/debug/pe-format. [19]DEMETRIO L,COULL S E,BIGGIO B,et al.Adversarialexemples,A survey and experimental evaluation of practical attacks on machine learning for windows malware detection[J].ACM Transactions on Privacy and Security(TOPS),2021,24(4):1-31. [20]KOLOSNJAJI B,DEMONTIS A,BIGGIO B,et al.Adversarial malware binaries,Evading deep learning for malware detection in executables[C]//2018 26th European Signal Processing Conference(EUSIPCO).IEEE,2018:533-537. [21]WENZL M,MERZDOVNIK G,ULLRICH J,et al.From hack to elaborate technique-a survey on binary rewriting[J].ACM Computing Surveys(CSUR),2019,52(3):1-37. [22]VirusShare.com-Because Sharing is Caring [EB/OL].ht-tps://virusshare.com/. [23]TEKEREK A,YAPICI M M.A novel malware classification and augmentation model based on convolutional neural network[J].Computers & Security,2022,112,102515. |
|