Computer Science, 2023, Vol. 50, Issue (7): 325-331. doi: 10.11896/jsjkx.220800176

• Information Security •

Adversarial Malware Generation Method Based on Genetic Algorithm

LI Kun1, GUO Wei1, ZHANG Fan1, DU Jiayu2, YANG Meiyue2

  1. 1 Institute of Information Technology, University of Information Engineering, Zhengzhou 450002, China
    2 Purple Mountain Laboratories, Nanjing 211111, China
  • Received: 2022-08-17 Revised: 2022-11-26 Online: 2023-07-15 Published: 2023-07-05
  • Corresponding author: ZHANG Fan (13838267352@qq.com)
  • About author: (moyue_lk@foxmail.com) LI Kun, born in 1998, postgraduate. His main research interests include artificial intelligence security, adversarial samples, and malware detection. ZHANG Fan, born in 1981, Ph.D, associate researcher, master tutor. His main research interests include active defense, chip design technology, and high-performance computing.

Abstract: In recent years, with the development of Internet technology, malware has become an important means of network attack. To defend against malware attacks, deep learning techniques can be applied to malware detection. However, owing to the limitations of deep learning models themselves, malware detection models based on deep learning are vulnerable to adversarial malware samples, which evade detection by the model. Studying the generation of adversarial malware helps model designers improve model design and strengthen model robustness and defensive capability. Therefore, for malware detection models based on grayscale images, an adversarial malware generation method based on a genetic algorithm is proposed. The method optimizes the perturbation with a genetic algorithm and then injects the perturbation into the malware through obfuscation operations, so that the generated adversarial malware samples are adversarial, executable and malicious. Experiments show that, compared with existing work, the attack success rate of adversarial samples generated by the proposed method increases by 56.4% on average.

Key words: Adversarial examples, Deep learning, Malware detection, Adversarial attacks, Genetic algorithms

CLC Number:

  • TP309.5