Adversarial Deep Ensemble: Evasion Attacks and Defenses for Malware Detection

Authors: Deqiang Li, Qianmu Li

DOI: 10.1109/TIFS.2020.3003571

Keywords: Malware; Android malware; Ensemble learning; Computer security; Robustness (computer science); Computer science; Adversarial system

Abstract: Malware remains a big threat to cyber security, calling for machine learning based malware detection. While promising, such detectors are known to be vulnerable to evasion attacks. Ensemble learning typically facilitates countermeasures, while attackers can leverage this technique to improve attack effectiveness as well. This motivates us to investigate which kind of robustness the ensemble defense, or effectiveness the ensemble attack, can achieve, particularly when they combat with each other. We thus propose a new attack approach, named mixture of attacks, by rendering attackers capable of multiple generative methods and multiple manipulation sets, to perturb a malware example without ruining its malicious functionality. This naturally leads to a new instantiation of adversarial training, which is further geared to enhancing the ensemble of deep neural networks. We evaluate defenses using Android malware detectors against 26 different attacks upon two practical datasets. Experimental results show that the new adversarial training significantly enhances the robustness of deep neural networks against a wide range of attacks, ensemble methods promote the robustness when base classifiers are robust enough, and yet realistic attacks can still evade the enhanced malware detectors effectively, even notably downgrading the VirusTotal service.
