A Comparative Study of Adversarial Attacks to Malware Detectors Based on Deep Learning

Malware Analysis Using Artificial Intelligence and Deep Learning

Abstract

Machine learning is widely used for detecting and classifying malware. Unfortunately, machine learning is vulnerable to adversarial attacks. In this chapter, we investigate how generative adversarial approaches could affect the performance of a detection system based on machine learning. In our evaluation, we trained several neural networks for malware detection on the EMBER [3] dataset and then built ten parallel GANs based on a convolutional neural network (CNN) architecture to generate adversarial examples with a gradient-based method. We then evaluated the performance of our GANs, in a gray-box scenario, by computing the evasion rate reached by the generated adversarial samples. Our findings suggest that machine- and deep-learning-based malware detectors could be fooled by adversarial malicious samples with an evasion rate of around 99%, providing further attack opportunities.

References

  1. Alazab, Mamoun, Sitalakshmi Venkatraman, Paul Watters, and Moutaz Alazab. 2013. Information security governance: the art of detecting hidden malware. In IT security governance innovations: theory and research, 293–315. IGI Global.

  2. Alzantot, Moustafa, Bharathan Balaji, and Mani Srivastava. 2018. Did you hear that? adversarial examples against automatic speech recognition. arXiv:1801.00554.

  3. Anderson, Hyrum S., and Phil Roth. 2018. Ember: an open dataset for training static pe malware machine learning models. arXiv:1804.04637.

  4. Apruzzese, Giovanni, Michele Colajanni, Luca Ferretti, Alessandro Guido, and Mirco Marchetti. 2018. On the effectiveness of machine and deep learning for cyber security. In 2018 10th international conference on cyber conflict (CyCon), 371–390. IEEE.

  5. Arbel, Michael, Dougal Sutherland, Mikołaj Bińkowski, and Arthur Gretton. 2018. On gradient regularizers for mmd gans. Advances in neural information processing systems 6700–6710.

  6. Arjovsky, Martin, and Léon Bottou. 2017. Towards principled methods for training generative adversarial networks. arXiv:1701.04862.

  7. Azab, Ahmad, Mamoun Alazab, and Mahdi Aiash. 2016. Machine learning based botnet identification traffic. In 2016 IEEE Trustcom/BigDataSE/ISPA, 1788–1794. IEEE.

  8. Azab, Ahmad, Robert Layton, Mamoun Alazab, and Jonathan Oliver. 2014. Mining malware to detect variants. In 2014 fifth cybercrime and trustworthy computing conference, 44–53. IEEE.

  9. Benchea, Răzvan, and Dragoş Teodor Gavriluţ. 2014. Combining restricted boltzmann machine and one side perceptron for malware detection. In International conference on conceptual structures, 93–103. Springer.

  10. Biggio, Battista, Igino Corona, Davide Maiorca, Blaine Nelson, Nedim Šrndić, Pavel Laskov, Giorgio Giacinto, and Fabio Roli. 2013. Evasion attacks against machine learning at test time. In Joint European conference on machine learning and knowledge discovery in databases, 387–402. Springer.

  11. Biggio, Battista, Paolo Russu, Luca Didaci, Fabio Roli, et al. 2015. Adversarial biometric recognition: A review on biometric system security from the adversarial machine-learning perspective. IEEE Signal Processing Magazine 32 (5): 31–41.

  12. Brown, Tom B., Dandelion Mané, Aurko Roy, Martín Abadi, and Justin Gilmer. 2017. Adversarial patch. arXiv:1712.09665.

  13. Carlini, Nicholas, and David Wagner. 2017. Towards evaluating the robustness of neural networks. In 2017 IEEE symposium on security and privacy (sp), 39–57. IEEE.

  14. Chen, Liang-Chieh, George Papandreou, Florian Schroff, and Hartwig Adam. 2017. Rethinking atrous convolution for semantic image segmentation. arXiv:1706.05587.

  15. Chen, Pin-Yu, Huan Zhang, Yash Sharma, Jinfeng Yi, and Cho-Jui Hsieh. 2017. Zoo: Zeroth order optimization based black-box attacks to deep neural networks without training substitute models. In Proceedings of the 10th ACM workshop on artificial intelligence and security, 15–26.

  16. Chen, Xinyun, Chang Liu, Bo Li, Kimberly Lu, and Dawn Song. 2017. Targeted backdoor attacks on deep learning systems using data poisoning. arXiv:1712.05526.

  17. Damodaran, Anusha, Fabio Di Troia, Corrado Aaron Visaggio, Thomas H. Austin, and Mark Stamp. 2017. A comparison of static, dynamic, and hybrid analysis for malware detection. Journal of Computer Virology and Hacking Techniques 13 (1): 1–12.

  18. Dziugaite, Gintare Karolina, Daniel M Roy, and Zoubin Ghahramani. Training generative neural networks via maximum mean discrepancy optimization. arXiv:1505.03906.

  19. Firdausi, Ivan, Alva Erwin, Anto Satriyo Nugroho, et al. 2010. Analysis of machine learning techniques used in behavior-based malware detection. In 2010 second international conference on advances in computing, control, and telecommunication technologies, 201–203. IEEE.

  20. Gibert, Daniel. 2016. Convolutional neural networks for malware classification. Tarragona, Spain: University Rovira i Virgili.

  21. Goodfellow, Ian, Patrick McDaniel, and Nicolas Papernot. 2018. Making machine learning robust against adversarial inputs. Communications of the ACM 61 (7): 56–66.

  22. Goodfellow, Ian J., Jonathon Shlens, and Christian Szegedy. 2014. Explaining and harnessing adversarial examples. arXiv:1412.6572.

  23. Grosse, Kathrin, Nicolas Papernot, Praveen Manoharan, Michael Backes, and Patrick McDaniel. 2017. Adversarial examples for malware detection. In European symposium on research in computer security, 62–79. Springer.

  24. He, Kaiming, Xiangyu Zhang, Shaoqing Ren, and Jian Sun. 2015. Delving deep into rectifiers: Surpassing human-level performance on imagenet classification. In Proceedings of the IEEE international conference on computer vision 1026–1034.

  25. Hu, Weiwei, and Ying Tan. 2017. Generating adversarial malware examples for black-box attacks based on gan. arXiv:1702.05983.

  26. Huang, Ling, Anthony D Joseph, Blaine Nelson, Benjamin IP Rubinstein, and J Doug Tygar. 2011. Adversarial machine learning. In Proceedings of the 4th ACM workshop on Security and artificial intelligence, 43–58.

  27. Jung, Wookhyun, Sangwon Kim, and Sangyong Choi. 2015. Poster: deep learning for zero-day flash malware detection. In 36th IEEE symposium on security and privacy, vol. 10, 2809695–2817880.

  28. Kawai, Masataka, Kaoru Ota, and Mianxing Dong. 2019. Improved malgan: Avoiding malware detector by leaning cleanware features. In 2019 international conference on artificial intelligence in information and communication (ICAIIC), 040–045. IEEE.

  29. Ke, Guolin, Qi Meng, Thomas Finley, Taifeng Wang, Wei Chen, Weidong Ma, Qiwei Ye, and Tie-Yan Liu. 2017. Lightgbm: A highly efficient gradient boosting decision tree. In Advances in neural information processing systems 3146–3154.

  30. Kolosnjaji, Bojan, Ambra Demontis, Battista Biggio, Davide Maiorca, Giorgio Giacinto, Claudia Eckert, and Fabio Roli. 2018. Adversarial malware binaries: Evading deep learning for malware detection in executables. In 2018 26th European signal processing conference (EUSIPCO), 533–537. IEEE.

  31. Kolosnjaji, Bojan, Apostolis Zarras, George Webster, and Claudia Eckert. 2016. Deep learning for classification of malware system call sequences. In Australasian joint conference on artificial intelligence, 137–149. Springer.

  32. Kreuk, Felix, Assi Barak, Shir Aviv-Reuven, Moran Baruch, Benny Pinkas, and Joseph Keshet. 2018. Deceiving end-to-end deep learning malware detectors using adversarial examples. arXiv:1802.04528.

  33. Moosavi-Dezfooli, Seyed-Mohsen, Alhussein Fawzi, and Pascal Frossard. 2016. Deepfool: a simple and accurate method to fool deep neural networks. In Proceedings of the IEEE conference on computer vision and pattern recognition 2574–2582.

  34. Muñoz-González, Luis, Battista Biggio, Ambra Demontis, Andrea Paudice, Vasin Wongrassamee, Emil C Lupu, and Fabio Roli. 2017. Towards poisoning of deep learning algorithms with back-gradient optimization. In Proceedings of the 10th ACM workshop on artificial intelligence and security, 27–38.

  35. Obeis, Turki, and Wesam Bhaya Nawfal. 2016. Review of data mining techniques for malicious detetion. Research Journal of Applied Sciences 11 (10): 942–947.

  36. Oyama, Yoshihiro, Takumi Miyashita, and Hirotaka Kokubo. 2019. Identifying useful features for malware detection in the ember dataset. In 2019 seventh international symposium on computing and networking workshops (CANDARW), 360–366. IEEE.

  37. Papernot, Nicolas, Patrick McDaniel, and Ian Goodfellow. 2016. Transferability in machine learning: from phenomena to black-box attacks using adversarial samples. arXiv:1605.07277.

  38. Papernot, Nicolas, Patrick McDaniel, Ian Goodfellow, Somesh Jha, Z Berkay Celik, and Ananthram Swami. 2017. Practical black-box attacks against machine learning. In Proceedings of the 2017 ACM on Asia conference on computer and communications security, 506–519.

  39. Pascanu, Razvan, Jack W Stokes, Hermineh Sanossian, Mady Marinescu, and Anil Thomas. 2015. Malware classification with recurrent networks. In 2015 IEEE international conference on acoustics, speech and signal processing (ICASSP), 1916–1920. IEEE.

  40. Pendlebury, Feargus, Fabio Pierazzi, Roberto Jordaney, Johannes Kinder, and Lorenzo Cavallaro. 2019. TESSERACT: Eliminating experimental bias in malware classification across space and time. In 28th USENIX Security Symposium (USENIX Security 19), 729–746.

  41. Pietrek, Matt. 2002. Inside windows-an in-depth look into the win32 portable executable file format. MSDN Magazine 17 (2): 80–90.

  42. Puranik, Piyush Aniruddha. 2019. Static malware detection using deep neural networks on portable executables.

  43. Raff, Edward, Jon Barker, Jared Sylvester, Robert Brandon, Bryan Catanzaro, and Charles Nicholas. 2017. Malware detection by eating a whole exe. arXiv:1710.09435.

  44. Redmon, Joseph, Santosh Divvala, Ross Girshick, and Ali Farhadi. 2016. You only look once: Unified, real-time object detection. In Proceedings of the IEEE conference on computer vision and pattern recognition 779–788.

  45. Saxe, Joshua, and Konstantin Berlin. 2015. Deep neural network based malware detection using two dimensional binary program features. In 2015 10th international conference on malicious and unwanted software (MALWARE), 11–20. IEEE.

  46. Su, Jiawei, Danilo Vasconcellos Vargas, and Kouichi Sakurai. 2019. One pixel attack for fooling deep neural networks. IEEE Transactions on Evolutionary Computation 23 (5): 828–841.

  47. Szegedy, Christian, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian Goodfellow, and Rob Fergus. 2013. Intriguing properties of neural networks. arXiv:1312.6199.

  48. Ucci, Daniele, Leonardo Aniello, and Roberto Baldoni. 2019. Survey of machine learning techniques for malware analysis. Computers & Security 81: 123–147.

  49. Ye, Yanfang, Tao Li, S. Donald Adjeroh, and Sitharama, and Iyengar. 2017. A survey on malware detection using data mining techniques. ACM Computing Surveys (CSUR) 50 (3): 1–40.

  50. Yuan, Xiaoyong, Pan He, Qile Zhu, and Xiaolin Li. 2019. Adversarial examples: Attacks and defenses for deep learning. IEEE Transactions on Neural Networks and Learning Systems 30 (9): 2805–2824.

  51. Zhang, Jinlan, Qiao Yan, and Mingde Wang. 2019. Evasion attacks based on wasserstein generative adversarial network. In 2019 Computing, communications and IoT applications (ComComAp), 454–459. IEEE.

  52. Zhong, Wei, and Gu Feng. 2019. A multi-level deep learning system for malware detection. Expert Systems with Applications 133: 151–162.

Corresponding author

Correspondence to Fiammetta Marulli.

Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this chapter

Cite this chapter

Visaggio, C.A., Marulli, F., Laudanna, S., La Zazzera, B., Pirozzi, A. (2021). A Comparative Study of Adversarial Attacks to Malware Detectors Based on Deep Learning. In: Stamp, M., Alazab, M., Shalaginov, A. (eds) Malware Analysis Using Artificial Intelligence and Deep Learning. Springer, Cham. https://doi.org/10.1007/978-3-030-62582-5_19

  • DOI: https://doi.org/10.1007/978-3-030-62582-5_19

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-62581-8

  • Online ISBN: 978-3-030-62582-5

  • eBook Packages: Computer Science, Computer Science (R0)
