
Explainability Guided Adversarial Evasion Attacks on Malware Detectors (2405.01728v1)

Published 2 May 2024 in cs.CR

Abstract: As the focus on security of AI is becoming paramount, research on crafting and inserting optimal adversarial perturbations has become increasingly critical. In the malware domain, this adversarial sample generation relies heavily on the accuracy and placement of crafted perturbation with the goal of evading a trained classifier. This work focuses on applying explainability techniques to enhance the adversarial evasion attack on a machine-learning-based Windows PE malware detector. The explainable tool identifies the regions of PE malware files that have the most significant impact on the decision-making process of a given malware detector, and therefore, the same regions can be leveraged to inject the adversarial perturbation for maximum efficiency. Profiling all the PE malware file regions based on their impact on the malware detector's decision enables the derivation of an efficient strategy for identifying the optimal location for perturbation injection. The strategy should incorporate the region's significance in influencing the malware detector's decision and the sensitivity of the PE malware file's integrity towards modifying that region. To assess the utility of explainable AI in crafting an adversarial sample of Windows PE malware, we utilize the DeepExplainer module of SHAP for determining the contribution of each region of PE malware to its detection by a CNN-based malware detector, MalConv. Furthermore, we analyzed the significance of SHAP values at a more granular level by subdividing each section of Windows PE into small subsections. We then performed an adversarial evasion attack on the subsections based on the corresponding SHAP values of the byte sequences.

