Computer Science

Computer Science ›› 2025, Vol. 52 ›› Issue (10): 382-394.doi: 10.11896/jsjkx.240800046

• Information Security • Previous Articles     Next Articles

Benign-salient Region Based End-to-End Adversarial Malware Generation Method

YUAN Mengjiao, LU Tianliang, HUANG Wanxin, HE Houhan   

  1. College of Information Network Security,People's Public Security University of China,Beijing 100038,China
  • Received:2024-08-07 Revised:2024-11-09 Online:2025-10-15 Published:2025-10-14
  • About author:YUAN Mengjiao,born in 1999,postgraduate.Her main research interests include adversarial examples and malware detection.
    LU Tianliang,born in 1985,Ph.D,professor,Ph.D supervisor.His main research interests include cyber security and artificial intelligence security.
  • Supported by:
    Science and Technology Program of Ministry of Public Security(2023JSM09),Fundamental Research Funds for the Central Universities of Ministry of Education of China(2023JKF01ZK08) and Double First-Class Innovation Research Project for People's Public Security University of China(2023SYL07).

PDF (PC)

2

Abstract: Malware detection methods combining visualization techniques and deep learning have gained widespread attention due to their high accuracy and low cost.However,deep learning models are vulnerable to adversarial attacks,where intentional small-scale perturbations can misguide the model into making incorrect decisions with high confidence.Current research on adversarial attacks targeting visualization-based detection methods for Windows malware has primarily focused on improving the effectiveness of adversarial images,while neglecting the actual harmfulness of adversarial examples.Therefore,this study proposes a novel method to generate harmful adversarial malware,BREAM(Benign-salient Region based End-to-end Adversarial Malware generation method).Firstly,selecting the salient regions of benign images as initial perturbations to enhance the attack effect on adversarial images,and introducing a mask matrix to restrict the perturbation range to ensure the functionality of adversarial examples.Then,an inverse feature mapping method is proposed to convert adversarial images into adversarial malware,achieving end-to-end generation of malware adversarial examples.The attack performance of BREAM is evaluated on four target models,and experimental results show that when the target models employ bilinear interpolation and nearest neighbor interpolation respectively,compared with existing methods,the attack success rate of adversarial images generated by BREAM has increased by an average of 47.96% and 28.39%;the attack success rate of adversarial malware has increased by an average of 53.25% and 61.93%,causing the classification accuracy of the target models to decrease by an average of 92.82% and 73.64%.

Key words: Adversarial examples,Adversarial attacks,Malware detection,Malware visualization,Convolutional neural network

CLC Number: 

  • TP309.5
[1]SKOUDIS E,ZELTSER L.Malware:Fighting malicious code[M].Prentice Hall Professional,2004.
[2]SIKORSKI M,HONIG A.Practical malware analysis:thehands-on guide to dissecting malicious software[M].No Starch Press,2012.
[3]GOPINATH M,SETHURAMAN S C.A comprehensive survey on deep learning based malware detection techniques[J].Computer Science Review,2023,47:100529.
[4]CUI Z,XUE F,CAI X,et al.Detection of malicious code va-riants based on deep learning[J].IEEE Transactions on Industrial Informatics,2018,14(7):3187-3196.
[5]KALASH M,ROCHAN M,MOHAMMED N,et al.Malwareclassification with deep convolutional neural net-works[C]//2018 9th IFIP International Conference on New Technologies,Mobility and Security(NTMS).2018:1-5.
[6]KORNISH D,GEARY J,SANSING V,et al.Malware classification using deep convolutional neural networks[C]//2018 IEEE Applied Imagery Pattern Recognition Workshop(AIPR).2018:1-6.
[7]GOODFELLOW I J,SHLENS J,SZEGEDY C.Explaining and harnessing adversarial examples[J].arXiv:1412.6572,2014.
[8]PAPERNOT N,MCDANIEL P,WU X,et al.Distillation as adefense to adversarial perturbations against deep neural net-works[C]//2016 IEEE Symposium on Security and Privacy(SP).2016:582-597.
[9]CARLINI N,WAGNER D.Towards evaluating the robustness of neural networks[C]//2017 IEEE Symposium on Security and Privacy(SP).2017:39-57.
[10]DONG Y,LIAO F,PANG T,et al.Boosting adversarial attacks with momentum[C]//Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition.2018:9185-9193.
[11]LIN J,SONG C,HE K,et al.Nesterov accelerated gradient and scale invariance for adversarial attacks[J].arXiv:1908.06281,2019.
[12]PIERAZZI F,PENDLEBURY F,CORTELLAZZI J,et al.Intriguing properties of adversarial ml attacks in the problem space[C]//2020 IEEE Symposium on Security and Privacy(SP).2020:1332-1349.
[13]LING X,WU L,ZHANG J,et al.Adversarial attacks againstWindows PE malware detection:A survey of the state-of-the-art[J].Computers & Security,2023,128:103134.
[14]CHATTOPADHAY A,SARKAR A,HOWLADER P,et al.Grad-cam++:Generalized gradient-based visual explanations for deep convolutional networks[C]//2018 IEEE Winter Conference on Applications of Computer Vision(WACV).2018:839-847.
[15]NATARAJ L,KARTHIKEYAN S,JACOB G,et al.Malware images:visualization and automatic classification[C]//Procee-dings of the 8th International Symposium on Visualization for Cyber Security.2011:1-7.
[16]HAN K S,LIM J H,KANG B,et al.Malware analysis usingvisualized images and entropy graphs[J].International Journal of Information Security,2015,14:1-14.
[17]MAKANDAR A,PATROT A.Malware class recognition using image processing techniques[C]//2017 International Conference on Data Management,Analytics and Innovation(ICDMAI).2017:76-80.
[18]CUI Z,XUE F,CAI X,et al.Detection of malicious code va-riants based on deep learning[J].IEEE Transactions on Industrial Informatics,2018,14(7):3187-3196.
[19]GIBERT D,MATEU C,PLANES J,et al.Using convolutional neural networks for classification of malware represented as images[J].Journal of Computer Virology and Hacking Techniques,2019,15:15-28.
[20]LIU X,ZHANG J,LIN Y,et al.ATMPA:attacking machine learning-based malware visualization detection methods via adversarial examples[C]//Proceedings of the International Symposium on Quality of Service.2019:1-10.
[21]CHEN J Y,ZOU J F,YUAN J K,et al.Black-box adversarial attack method towards malware detection [J].Computer Science,2021,48(5):60-67.
[22]KHORMALI A,ABUSNAINA A,CHEN S,et al.COPYCAT:practical adversarial attacks on visualization-based malware detection[J].arXiv:1909.09735,2019.
[23]ZHAN D,DUAN Y,HU Y,et al.AMGmal:Adaptive mask-guided adversarial attack against malware detection with minimal perturbation[J].Computers & Security,2023,127:103103.
[24]ZHAN D,HU Y,LI W,et al.Towards robust CNN-based malware classifiers using adversarial examples generated based on two saliency similarities[J].Neural Computing and Applications,2023,35(23):17129-17146.
[25]JIANG Z J,CHEN Y,XIONG Z M,et al.Adversarial Examples with Unlimited Amount of Additions[J].Journal of Frontiers of Computer Science and Technology,2024,18(2):526-537.
[26]XIAO M,GUO C,SHEN G W,et al.Adversarial Example Remaining Availability and Functionality[J].Journal of Frontiers of Computer Science and Technology,2022,16(10):2286-2297.
[27]LI K,GUO W,ZHANG F,et al.Adversarial malware generation method based on genetic algorithm[J].Computer Science,2023,50(7):325-331.
[28]CHEN B,REN Z,YU C,et al.Adversarial examples for cnn-based malware detectors[J].IEEE Access,2019,7:54360-54371.
[29]ZHOU B,KHOSLA A,LAPEDRIZA A,et al.Learning deep features for discriminative localization[C]//Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition.2016:2921-2929.
[30]SELVARAJU R R,COGSWELL M,DAS A,et al.Grad-cam:Visual explanations from deep networks via gradient-based localization[C]//Proceedings of the IEEE International Confe-rence on Computer Vision.2017:618-626.
[31]KREUK F,BARAK A,AVIV-REUVEN S,et al.Deceiving end-to-end deep learning malware detectors using adversarial examples[J].arXiv:1802.04528,2018.
[32]SUCIU O,COULL S E,JOHNS J.Exploring adversarial examples in malware detection[C]//2019 IEEE Security and Privacy Workshops(SPW).2019:8-14.
[33]NOCEDAL J.Updating quasi-Newton matrices with limitedstorage[J].Mathematics of Computation,1980,35(151):773-782.
[34]YANG L,CIPTADI A,LAZIUK I,et al.BODMAS:An open dataset for learning based temporal analysis of PE malware[C]//2021 IEEE Security and Privacy Workshops(SPW).2021:78-84.
[35]HUANG G,LIU Z,VAN DER MAATEN L,et al.Densely con-nected convolutional networks[C]//Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition.2017:4700-4708.
[36]SIMONYAN K,ZISSERMAN A.Very deep convolutional networks for large-scale image recognition[J].arXiv:1409.1556,2014.
[37]HE K,ZHANG X,REN S,et al.Deep residual learning forimage recognition[C]//Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition.2016:770-778.
[38]KRIZHEVSKY A,SUTSKEVER I,HINTON G E.Imagenetclassification with deep convolutional neural networks[J].Advances in Neural Information Processing Systems,2017,60(6):84-90.
[39]WANG Z,BOVIK A C,SHEIKH H R,et al.Image quality assessment:from error visibility to structural similarity[J].IEEE Transactions on Image Processing,2004,13(4):600-612.
[40]ZHANG R,ISOLA P,EFROS A A,et al.The unreasonable effectiveness of deep features as a perceptual metric[C]//Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition.2018:586-595.
[41]HARANG R,RUDD E M.SOREL-20M:A large scale bench-mark dataset for malicious PE detection[J].arXiv:2012.07634,2020.
[1] LI Jianqiu, LIU Wanping, HUANG Dong, ZHANG Qiong. Multimodal Fusion Based Dynamic Malware Detection [J]. Computer Science, 2024, 51(11A): 240200098-7.
[2] GAO Zhen, CHEN Fucai, WANG Yawen, HE Weizhen. VPN Traffic Hijacking Defense Technology Based on Mimic Defense [J]. Computer Science, 2023, 50(11): 340-347.
[3] LI Kun, GUO Wei, ZHANG Fan, DU Jiayu, YANG Meiyue. Adversarial Malware Generation Method Based on Genetic Algorithm [J]. Computer Science, 2023, 50(7): 325-331.
[4] HOU Shang-wen, HUANG Jian-jun, LIANG Bin, YOU Wei, SHI Wen-chang. Defense Method Against Code Reuse Attack Based on Real-time Code Loading and Unloading [J]. Computer Science, 2022, 49(10): 279-284.
[5] CHEN Tao, SHU Hui, XIONG Xiao-bing. Study of Universal Shellcode Generation Technology [J]. Computer Science, 2021, 48(4): 288-294.
[6] ZHANG Lan, LAI Yao, YE Xiao-jun. Attention Mechanism Based Detection of Malware Call Sequences [J]. Computer Science, 2019, 46(12): 132-137.
[7] ZHANG Zong-mei, GUI Sheng-lin, REN Fei. Android Malware Detection Based on N-gram [J]. Computer Science, 2019, 46(2): 145-151.
[8] NIU Wei-na, ZHANG Xiao-song, YANG Guo-wu, ZHUO Zhong-liu, LU Jia-zhong. Modeling and Analysis of Botnet with Heterogeneous Infection Rate [J]. Computer Science, 2018, 45(7): 135-138.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
Add:18# Honghu West Rd., Yubei ,Chongqing,China    Post Code: 401121
Tel: 023-63500828/023-67039612/023-67039623
E-mail: jsjkx12@163.com
Powered by Beijing Magtech Co., Ltd.