COPYCAT: Practical Adversarial Attacks on Visualization-Based Malware Detection

Despite many attempts, state-of-the-art adversarial machine learning approaches against malware detection systems generally yield unexecutable samples. In this work, we set out to examine the robustness of visualization-based malware detection systems against adversarial examples (AEs) that not only fool the model but also maintain the executability of the original input. To that end, we first investigate the application of existing off-the-shelf adversarial attack approaches to malware detection systems, and find that those approaches do not necessarily maintain the functionality of the original inputs. We therefore propose COPYCAT, an approach to generating adversarial examples that is specifically designed for malware detection systems with two main goals: achieving a high misclassification rate and maintaining the executability and functionality of the original input. We designed two main configurations for COPYCAT, namely AE padding and sample injection. While the first configuration results in untargeted misclassification attacks, the sample injection configuration is able to force the model to generate a targeted output, which is highly desirable in the malware attribution setting. We evaluate the performance of COPYCAT through an extensive set of experiments on two malware datasets, and report that we were able to generate adversarial samples that are misclassified at a rate of 98.9% and 96.5% with Windows and IoT binary datasets, respectively, outperforming the misclassification rates in the literature. Most importantly, we report that those AEs were executable, unlike AEs generated by off-the-shelf approaches. Our transferability study demonstrates that the AEs generated through our proposed method can be generalized to other models.
