A novel method for improving the robustness of deep learning-based malware detectors against adversarial attacks. (November 2022)
- Record Type:
- Journal Article
- Title:
- A novel method for improving the robustness of deep learning-based malware detectors against adversarial attacks. (November 2022)
- Main Title:
- A novel method for improving the robustness of deep learning-based malware detectors against adversarial attacks
- Authors:
- Shaukat, Kamran
Luo, Suhuai
Varadharajan, Vijay
- Abstract:
- Malware is constantly evolving with rising concern for cyberspace. Deep learning-based malware detectors are being used as a potential solution. However, these detectors are vulnerable to adversarial attacks. The adversarial attacks manipulate files in such a way that the resulting malware files evade being detected. Adversarial training is one of the techniques used to develop malware detectors using saddle-point (min–max) formulation. In adversarial training, malware samples are manipulated using multiple adversarial attacks to generate adversarially poisoned malware samples. These poisoned malware samples are incorporated in the training of models to make them robust against evasion attacks (i.e. attacks at the testing time). In this work, ten neural network-based malware detectors are developed, with nine trained with a particular adversarial attack and one without such training. To consider the characteristics of multiple adversarial attacks and utilise the performance of the ten detectors on various evasion attacks, a novel approach is developed to design a malware detector by training a neural network with a mixture of multiple adversarial attacks. This novel approach achieved the best performance among all the eleven malware detectors. Experimental results demonstrated that the new approach significantly enhanced the robustness of the malware detector and achieved the lowest evasion rates of 12% on average on VirusShare and 18% on average on VXHeaven datasets, respectively, against all possible evasion attacks. The experiments show that the detectors trained with other adversarial attacks such as DeepFool and multi-step bit gradient ascent achieve higher evasion rates of 17% and 36% on VirusShare, and 24% and 45% on VXHeaven datasets, respectively.
- Highlights:
- An approach to combining adversarial attacks is proposed to analyse the robustness of malware detectors against attacks.
- Ten adversarial attacks are created to generate binary-encoded malicious samples, including the proposed combined attack.
- The adversarial training is used as a defence strategy to train ten neural network-based malware detectors.
- Experiments are performed on two separate sets of malicious PEs corpus collected from VirusShare and VXHeaven repositories.
- The effectiveness and hardness of malware detectors are validated in terms of accuracy, false-positive, and evasion rates.
- Is Part Of:
- Engineering applications of artificial intelligence. Volume 116(2022)
- Journal:
- Engineering applications of artificial intelligence
- Issue:
- Volume 116(2022)
- Issue Display:
- Volume 116, Issue 2022 (2022)
- Year:
- 2022
- Volume:
- 116
- Issue:
- 2022
- Issue Sort Value:
- 2022-0116-2022-0000
- Page Start:
- Page End:
- Publication Date:
- 2022-11
- Subjects:
- Adversarial machine learning -- Adversarial attacks -- Malware detection -- Cybersecurity -- Classification -- Neural network -- VirusShare -- VXHeaven -- cyberattack -- Adversarial defence -- Adversarial training -- Evasion attack
Engineering -- Data processing -- Periodicals
Artificial intelligence -- Periodicals
Expert systems (Computer science) -- Periodicals
Engineering -- Computer science -- Periodicals
Artificial intelligence -- Periodicals
Expert systems (Computer science) -- Periodicals
Artificial intelligence
Engineering -- Data processing
Expert systems (Computer science)
Periodicals
620.00285
- Journal URLs:
- http://www.sciencedirect.com/science/journal/09521976
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.engappai.2022.105461
- Languages:
- English
- ISSNs:
- 0952-1976
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3755.704500
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 24155.xml