Explaining Vulnerabilities of Deep Learning to Adversarial Malware Binaries

Authors: Battista Biggio, Fabio Roli, Giovanni Lagorio, Alessandro Armando, Luca Demetrio

DOI:

Keywords:

Abstract: Recent work has shown that deep-learning algorithms for malware detection are also susceptible to adversarial examples, i.e., carefully-crafted perturbations of the input that enable misleading classification. Although this has questioned their suitability for the task, it is not yet clear why such algorithms are so easily fooled in this particular application domain. In this work, we take a first step to tackle this issue by leveraging explainable machine-learning techniques developed to interpret the black-box decisions of deep neural networks. In particular, we use a technique known as feature attribution to identify the most influential features contributing to each decision, and adapt it to provide meaningful explanations of the classification of malware binaries. In this case, we find that a recently-proposed convolutional network does not learn any meaningful characteristic from the data and text sections of executable files, but rather tends to discriminate between benign and malicious samples based on characteristics found in the file header. Based on this finding, we propose a novel attack algorithm that generates adversarial binaries by changing only a few tens of bytes in the file header. With respect to other state-of-the-art attack algorithms, ours does not require injecting padding at the end of the file, is much more efficient, and requires manipulating far fewer bytes.
