Congyuan Xu,Jizhong Shen,Xin Du

DOI: https://doi.org/10.1109/tifs.2020.2991876

IF: 7.231

2020-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Conventional intrusion detection systems based on supervised learning techniques require a large number of samples for training, while in some scenarios, such as zero-day attacks, security agencies can only intercept a limited number of shots of malicious samples. Therefore, there is a need for few-shot detection. In this paper, a detection method based on a meta-learning framework is proposed for this purpose. The proposed method can be used to distinguish and compare a pair of network traffic samples as a basic task of learning, including a normal unaffected sample and a malicious one. To accomplish this task, we design a deep neural network (DNN) named FC-Net, which mainly comprises two parts: feature extraction network and comparison network. FC-Net learns a pair of feature maps for classification from a pair of network traffic samples, then compares the obtained feature maps, and finally determines whether the pair of samples belongs to the same type. To evaluate the proposed detection method, we construct two datasets for few-shot network intrusion detection based on real network traffic data sources, using a specifically developed approach. The experimental results indicate that the proposed detection method is universal and is not limited to specific datasets or attack types. Training and testing on the same datasets demonstrate that the proposed method can achieve the average detection rate up to 98.88%. The outcome of training on one dataset and testing on the other one confirms that the proposed method can achieve better performance. In a few-shot scenario, malicious samples in an untrained dataset can be detected successfully, and the average detection rate is up to 99.62%.

Aidong Xu,Lin Chen,Xiaoyun Kuang,Huahui Lv,Hang Yang,Yixin Jiang,Bo Li

DOI: https://doi.org/10.1109/bigdatasecurity-hpsc-ids49724.2020.00021

2020-01-01

Abstract:In recent years, malicious programs seriously threaten the security of information system. Because of its particularity, complexity and vulnerability, power information system is difficult to detect and kill by traditional anti-virus software. To solve the above problems, this paper proposes a malicious behavior detection method based on deep learning, which can identify malicious programs and attack types according to the activities of malicious programs and malicious software behaviors. In this paper, a hybrid deep learning structure based on convolutional neural network (CNN) and long-and-short term memory (LSTM) network is proposed. The call sequence of API is combined with other statistical features. The vector information obtained is input into LSTM unit through convolution, and the classification results are obtained through the above model. Compared with the existing methods, this method significantly improves the preparation rate and execution efficiency.

Tieming Chen,Xuebo Qiu,Zhengqiu Weng,Tiantian Zhu,Mingqi Lv,Keda Sun

DOI: https://doi.org/10.1155/2024/6964759

IF: 1.968

2024-11-08

Security and Communication Networks

Abstract:Anomaly detection is essential to ensuring system security and reliability. As one of the basic techniques in the cyberattack, the existing malicious traffic classification method has been facing diverse challenges such as insufficient samples, poor denoising ability, and weak generalization of the classification model. In this paper, we propose a novel method for detecting malicious HTTP traffic based on a framework (HTTPSmell; it refers to the sniffing of some network attacks launched by exploiting the HTTP protocol.)), and XSS dataset obtained from GitHub that automatically applies a deep learning model with high generalization ability even under a small training dataset. With HTTPSmell, we are able to achieve positive results from a semisupervised model that leverages the unsupervised data augmentation (UDA) and the keywords library avoidance (KLA)‐based data augmentation method that holds higher learning generalization, higher scenario coverage rate, and better detection efficiency in the smaller training samples. Finally, we demonstrate through comprehensive experiments in the realistic enterprise environment that HTTPSmell can achieve an accuracy of 96.77% for identifying complex and advanced cyberattacks, while only maintaining a constant 60 MB of memory and sustaining up to 27 k/s throughput.

computer science, information systems,telecommunications

Jiang Xie,Shuhao Li,Yongzheng Zhanga,Peishuai Sun,Hongbo Xu

DOI: https://doi.org/10.1016/j.cose.2022.102867

2023-09-13

Abstract:The proliferation of network attacks poses a significant threat. Researchers propose datasets for network attacks to support research in related fields. Then, many attack detection methods based on these datasets are proposed. These detection methods, whether two-classification or multi-classification, belong to single-label learning, i.e., only one label is given to each sample. However, we discover that there is a noteworthy phenomenon of behavior attribute overlap between attacks, The presentation of this phenomenon in a dataset is that there are multiple samples with the same features but different labels. In this paper, we verify the phenomenon in well-known datasets(UNSW-NB15, CCCS-CIC-AndMal-2020) and re-label these data. In addition, detecting network attacks in a multi-label manner can obtain more information, providing support for tracing the attack source and building IDS. Therefore, we propose a multi-label detection model based on deep learning, MLD-Model, in which Wasserstein-Generative-Adversarial- Network-with-Gradient-Penalty (WGAN-GP) with improved loss performs data enhancement to alleviate the class imbalance problem, and Auto-Encoder (AE) performs classifier parameter pre-training. Experimental results demonstrate that MLD-Model can achieve excellent classification performance. It can achieve F1=80.06% in UNSW-NB15 and F1=83.63% in CCCS-CIC-AndMal-2020. Especially, MLD-Model is 5.99%-7.97% higher in F1 compared with the related single-label methods.

Cryptography and Security,Machine Learning,Networking and Internet Architecture

Jinhui Ning,Yu Wang,Jie Yang,Haris Gacanin,Song Ci

DOI: https://doi.org/10.1109/vtc2021-fall52928.2021.9625438

2021-01-01

Abstract:Malware traffic classification (MTC) is a key technology for solving anomaly detection and intrusion detection problems. And hence it plays an important role in the field of network security. Traditional MTC methods based on port, payload and statistic depend on the manual-designed features, which have low accuracy. Recently, deep learning methods have attracted significant attention due to their high accuracy in terms of classification. However, in practical application scenarios, deep learning methods require a large amount of labeled samples for training, while the available labeled samples for training are very rare. Furthermore, the preparation of a large amount of labeled samples requires a lot of labor costs. To solve these problems, this paper proposes two methods based on semi-supervised learning (SSL) and transfer learning (TL), respectively. Our proposed methods use a large amount of unlabeled data collected in the Internet traffic, which can greatly improve the accuracy classification with few labeled samples. Through experiments, we obtained the best method to improve the accuracy of few labeled samples in different situations. Experiment results show that our proposed methods can satisfy the requirement of MTC in the case of few labeled samples.

Xiaoxue Wu Xiaoxue Wu,Shuqi Zuo Xiaoxue Wu,Shiyu Weng Shuqi Zuo,Yongkang Jiang Shiyu Weng,Hao Huang Yongkang Jiang

DOI: https://doi.org/10.53106/160792642024012501012

2024-01-01

網際網路技術學刊

Abstract:With the widespread application of deep neural networks in image detection, adversarial sample attacks have gradually become a hot issue of concern for researchers. In this paper we propose a new adversarial sample detection approach called AdvDetector, which combines image generation through label fusion with image similarity detection. AdvDetector enhances sample quality and effectively identifies adversarial samples. Specifically, the method generates images by selecting seed pixels, the labels of deep neural network classification, and the pixel distribution learned from training data, and detects them using image similarity comparison methods. During the sample generation process, we introduce the AdvDetector method for adversarial sample detection to improve the quality of generated samples. We evaluated the effectiveness of the method on three publicly available image datasets, MNIST, Cifar-10, and GTSR, and the results show that the method is superior to existing baseline methods in terms of adversarial sample detection rate and sample generation quality.  

computer science, information systems,telecommunications

Renjie Liao,Shuo Wang

DOI: https://doi.org/10.1049/cmu2.12739

IF: 1.345

2024-03-07

IET Communications

Abstract:Malicious domains pose a severe threat to cybersecurity. As to improve the detection accuracy when the malicious domain variants increase, we proposed a novel malicious domain detection method named MDND‐SS‐PO that combines semi‐supervised learning and parameter optimization. The method extracts the statistical features of the IP address, TTL value, the NXDomain record, and the domain name query characteristics to discriminate Domain‐Flux and Fast‐Flux domain names simultaneously. And an improved DBSCAN based on the neighborhood division is applied semi‐supervised learning with less label efforts. Finally, Gaussian process regression is used to optimize parameter settings of machine learning algorithms. Experimental results show that the proposed method achieved a precise detection performance of 0.885 when the ratio of labeled data is 5%. Malicious domains provide malware with covert communication channels which poses a severe threat to cybersecurity. Despite the continuous progress in detecting malicious domains with various machine learning algorithms, maintaining up‐to‐date various samples with fine‐labeled data for training is difficult. To handle these issues and improve the detection accuracy, a novel malicious domain detection method named MDND‐SS‐PO is proposed that combines semi‐supervised learning and parameter optimization. The contributions of the study are as follows. First, the method extracts the statistical features of the IP address, TTL value, the NXDomain record, and the domain name query characteristics to discriminate Domain‐Flux and Fast‐Flux domain names simultaneously. Second, an improved DBSCAN based on the neighborhood division is designed to cluster labeled data and unlabeled data with low time consumption. Then, based on the clustering hypothesis, unlabeled data is tagged with pseudo‐label according to the cluster results, which aims to train a supervised classifier effectively. Finally, Gaussian process regression is used to optimize parameter settings of the algorithm. And the Silhouette index and F1 score are introduced to evaluate the optimization results. Experimental results show that the proposed method achieved a precise detection performance of 0.885 when the ratio of labeled data is 5%.

engineering, electrical & electronic

XiangDong Huang,Hao Li,Jiajia Liu,FengChun Liu,Jian Wang,BaoShan Xie,BaoPing Chen,Qi Zhang,Tao Xue

DOI: https://doi.org/10.1155/2022/9241670

IF: 3.12

2022-06-26

Computational Intelligence and Neuroscience

Abstract:With the rapid development of the Internet, malicious domain names pose more and more serious threats to many fields, such as network security and social security, and there have been many research results on malicious domain detection. This article proposes a malicious domain name detection model based on improved deep learning, which can combine the advantages of three different network models, convolutional neural network (CNN), temporal convolutional network (TCN), and long short-term memory network (LSTM) in malicious domain name detection, to obtain a better detection effect than that of the original single or two models. Experiments show that the effect of the improved deep learning model proposed in this article is better than that of the combined model of CNN and LSTM or the combined model of CNN and TCN, and the accuracy and regression rates reached 99.76% and 98.81%, respectively.

mathematical & computational biology,neurosciences

Jinting Zhu,Julian Jang-Jaccard,Amardeep Singh,Paul A. Watters,Seyit Camtepe

DOI: https://doi.org/10.3390/fi15060214

2023-06-15

Abstract:Malware authors apply different techniques of control flow obfuscation, in order to create new malware variants to avoid detection. Existing Siamese neural network (SNN)-based malware detection methods fail to correctly classify different malware families when such obfuscated malware samples are present in the training dataset, resulting in high false-positive rates. To address this issue, we propose a novel task-aware few-shot-learning-based Siamese Neural Network that is resilient against the presence of malware variants affected by such control flow obfuscation techniques. Using the average entropy features of each malware family as inputs, in addition to the image features, our model generates the parameters for the feature layers, to more accurately adjust the feature embedding for different malware families, each of which has obfuscated malware variants. In addition, our proposed method can classify malware classes, even if there are only one or a few training samples available. Our model utilizes few-shot learning with the extracted features of a pre-trained network (e.g., VGG-16), to avoid the bias typically associated with a model trained with a limited number of training samples. Our proposed approach is highly effective in recognizing unique malware signatures, thus correctly classifying malware samples that belong to the same malware family, even in the presence of obfuscated malware variants. Our experimental results, validated by N-way on N-shot learning, show that our model is highly effective in classification accuracy, exceeding a rate \textgreater 91\%, compared to other similar methods.

Cryptography and Security,Artificial Intelligence

Ruonan Wang,Minhuan Huang,Jinjing Zhao,Hongzheng Zhang,Wenjing Zhong,Zhaowei Zhang,Liqiang He

DOI: https://doi.org/10.1038/s41598-024-73342-7

IF: 4.6

2024-10-23

Scientific Reports

Abstract:Classifying malicious traffic, which can trace the lineage of attackers' malicious families, is fundamental to safeguarding cybersecurity. However, the deep learning approaches currently employed require substantial volumes of data, conflicting with the challenges in acquiring and accurately labeling malicious traffic data. Additionally, edge network devices vulnerable to cyber-attacks often cannot meet the computational demands required to deploy deep learning models. The rapid mutation of malicious activities further underscores the need for models with strong generalization capabilities to adapt to evolving threats. This paper introduces an innovative few-shot malicious traffic classification method that is precise, lightweight, and exhibits enhanced generalization. By refining traditional transfer learning, the source model is segmented into public and private feature extractors for stepwise transfer, enhancing parameter alignment with specific target tasks. Neuron importance is then sorted based on the task of each feature extractor, enabling precise pruning to create an optimal lightweight model. An adversarial network guiding principle is adopted for retraining the public feature extractor parameters, thus strengthening the model's generalization power. This method achieves an accuracy of over 97% on few-shot datasets with no more than 15 samples per class, has fewer than 50 K model parameters, and exhibits superior generalization compared to baseline methods.

multidisciplinary sciences

Zhiquan Hu,Liejun Wang,Lei Qi,Yongming Li,Wenzhong Yang

DOI: https://doi.org/10.1109/access.2020.3034015

IF: 3.9

2020-01-01

IEEE Access

Abstract:The diversity of network attacks poses severe challenges to intrusion detection systems (IDSs). Traditional attack recognition methods usually adopt mining data associations to identify anomalies, which has the disadvantages of a high false alarm rate (FAR), low recognition accuracy (ACC) and poor generalization ability. To ameliorate the comprehensive capabilities of IDS and strengthen network security, we propose a novel intrusion detection method based on the adaptive synthetic sampling (ADASYN) algorithm and an improved convolutional neural network (CNN). First, we use the ADASYN method to balance the sample distribution, which can effectively prevent the model from being sensitive to large samples and ignore small samples. Second, the improved CNN is based on the split convolution module (SPC-CNN), which can increase the diversity of features and eliminate the impact of interchannel information redundancy on model training. Then, an AS-CNN model mixed with ADASYN and SPC-CNN is used for intrusion detection tasks. Finally, the standard NSL-KDD dataset is selected to test AS-CNN. The simulation illustrates that the accuracy is 4.60% and 2.79% higher than that of the traditional CNN and RNN models, and the detection rate (DR) increased by 11.34% and 10.27%, respectively. Additionally, the FAR decreased by 15.58% and 14.57%, respectively, compared with the two models.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yun-Chun Chen,Yu-Jhe Li,Aragorn Tseng,Tsungnan Lin

DOI: https://doi.org/10.48550/arXiv.1802.03358

IF: 5.414

2018-02-09

Machine Learning

Abstract:Cyber security has grown up to be a hot issue in recent years. How to identify potential malware becomes a challenging task. To tackle this challenge, we adopt deep learning approaches and perform flow detection on real data. However, real data often encounters an issue of imbalanced data distribution which will lead to a gradient dilution issue. When training a neural network, this problem will not only result in a bias toward the majority class but show the inability to learn from the minority classes. In this paper, we propose an end-to-end trainable Tree-Shaped Deep Neural Network (TSDNN) which classifies the data in a layer-wise manner. To better learn from the minority classes, we propose a Quantity Dependent Backpropagation (QDBP) algorithm which incorporates the knowledge of the disparity between classes. We evaluate our method on an imbalanced data set. Experimental result demonstrates that our approach outperforms the state-of-the-art methods and justifies that the proposed method is able to overcome the difficulty of imbalanced learning. We also conduct a partial flow experiment which shows the feasibility of real-time detection and a zero-shot learning experiment which justifies the generalization capability of deep learning in cyber security.

Hui-Juan Zhu,Liang-Min Wang,Sheng Zhong,Yang Li,Victor S. Sheng,Huijuan Zhu,Liangmin Wang

DOI: https://doi.org/10.1109/tkde.2021.3067658

IF: 9.235

2021-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:Android is a growing target for malicious software (malware) because of its popularity and functionality. Malware poses a serious threat to users' privacy, money, equipment and file integrity. A series of data-driven malware detection methods were proposed. However, there exist two key challenges for these methods: (1) how to learn effective feature representation from raw data; (2) how to reduce the dependence on the prior knowledge or human labors in feature learning. Inspired by the success of deep learning methods in the feature representation learning community, we propose a malware detection framework which starts with learning rich-features by a novel unsupervised feature learning algorithm Merged Sparse Auto-Encoder (MSAE). In order to extract more compact and discriminative feature from the rich-features to further boost the malware detection capability, a hybrid deep network learning algorithm Stacked Hybrid Learning MSAE and SDAE (SHLMD) is established by further incorporating a classical deep learning method Stacked Denoising Auto-encoders (SDAE). After that, we feed the feature learned by MSAE and SHLMD respectively to classification algorithms, e.g., Support Vector Machine (SVM) or K-NearestNeighbor (KNN), to train a malware detection model. Evaluation results on two real-world datasets demonstrate that SHLMD achieves 94.46 and 90.57 percent accuracy respectively, which outperforms the classical unsupervised feature representation learning Sparse Auto-encoder (SAE). MSAE performs similarly to SAE. SHLMD can further improve the performance of MSAE and the supervised fine-tuned method SDAE. Besides, we compare the performance of our methods with that of state-of-the-art detection approaches, including classical deep-learning-based methods. Extensive experiments show that our proposed methods are effective enough to detect Android malware.

computer science, information systems, artificial intelligence,engineering, electrical & electronic

Qingjun Yuan,Chang Liu,Wentao Yu,Yuefei Zhu,Gang Xiong,Yongjuan Wang,Gaopeng Gou

DOI: https://doi.org/10.1016/j.cose.2023.103300

2023-05-20

Abstract:The effectiveness of deep-learning-based malicious traffic detection systems relies on high-quality labeled traffic datasets. However, malicious traffic labeling approaches can easily lead to incorrect labeling, which can have a harmful impact on models. To this end, various methods for learning with noise labels have been proposed. They exclude suspected wrong samples from model updates to ensure accuracy. However, this also removes hard samples, resulting in poor model decision boundaries and the loss of ability to classify hard samples. In this paper, we propose a boundary-augmentation-based approach for malicious traffic identification named BoAu. Unlike other approaches, BoAu treats all samples, including hard samples, equally during training to construct more accurate decision boundaries and thus improve accuracy. Meanwhile, a decision boundary augmentation module is designed to mitigate the impact of mislabeled hard samples on decision boundary generation. The decision boundary augmentation module adaptively adjusts the losses of hard samples based on their distance from the cluster to which their labels belong and other clusters, thus driving the shared feature representation network to fit the true label distribution. We validated BoAu in identifying malicious traffic with noise labels on a dataset covering 22 classes of realistic encrypted malicious traffic. Experimental results showed that even under scenarios with up to 90% noise labels, the classification accuracy was still over 80%, which was better than the state-of-the-art approaches. In addition, we validated the applicability of BoAu on several public datasets, including CIC-IDS-2017 and IoT-23.

computer science, information systems

Zhendong Wang,Zeyu Li,Junling Wang,Dahai Li

DOI: https://doi.org/10.1155/2021/9486949

IF: 1.968

2021-10-28

Security and Communication Networks

Abstract:The combination of deep learning and intrusion detection has become a hot topic in today’s network security. In the face of massive, high-dimensional network traffic with uneven sample distribution, how to be able to accurately detect anomalous traffic is the primary task of intrusion detection. Most research on intrusion detection systems based on network anomalous traffic detection has focused on supervised learning; however, the process of obtaining labeled data often requires a lot of time and effort, as well as the support of network experts. Therefore, it is worthwhile investigating the development of label-free self-supervised learning-based approaches called BYOL which is a simple and elegant framework with sufficiently powerful feature extraction capabilities for intrusion detection systems. In this paper, we propose a new data augmentation strategy for intrusion detection data and an intrusion detection model based on label-free self-supervised learning, using a new data augmentation strategy to introduce a perturbation enhancement model to learn invariant feature representation capability and an improved BYOL self-supervised learning method to train the UNSW-NB15 intrusion detection dataset without labels to extract network traffic feature representations. Linear evaluation on UNSW-NB15 and transfer learning on NSK-KDD, KDD CUP99, CIC IDS2017, and CIDDS_001 achieve excellent performance in all metrics.

computer science, information systems,telecommunications

Zihan Yuan,Xinpeng Zhang,Zichi Wang,Zhaoxia Yin

DOI: https://doi.org/10.1109/tetci.2024.3372373

2024-01-01

IEEE Transactions on Emerging Topics in Computational Intelligence

Abstract:Deep neural networks (DNNs) may be subject to various modifications during transmission and use. Regular processing operations do not affect the functionality of a model, while malicious tampering will cause serious damage. Therefore, it is crucial to determine the availability of a DNN model. To address this issue, we propose a semi-fragile black-box watermarking method that can distinguish between accidental modification and malicious tampering of DNNs, focusing on the privacy and security of neural network models. Specifically, for a given model, a strategy is designed to generate semi-fragile and sensitive samples using adversarial example techniques without decreasing the model accuracy. The model outputs for these samples are extremely sensitive to malicious tampering and robust to accidental modification. According to these properties, accidental modification and malicious tampering can be distinguished to assess the availability of a watermarked model. Extensive experiments demonstrate that the proposed method can detect malicious model tampering with high accuracy up to 100% while tolerating accidental modifications such as fine-tuning, pruning, and quantitation with the accuracy exceed 75%. Moreover, our semi-fragile neural network watermarking approach can be easily extended to various DNNs.

Fangwei Wang,Guofang Chai,Qingru Li,Changguang Wang

DOI: https://doi.org/10.3390/sym14020296

2022-02-01

Symmetry

Abstract:As an innovative way of communicating information, the Internet has become an indispensable part of our lives. However, it also facilitates a more widespread attack of malware. With the assistance of modern cryptanalysis, emerging malware having symmetric properties, such as encryption and decryption, pack and unpack, presents new challenges to effective malware detection. Currently, numerous malware detection approaches are based on supervised learning. The biggest challenge is that the existing systems rely on a large amount of labeled data, which is usually difficult to gain. Moreover, since the newly emerging malware has a different data distribution from the original training samples, the detection performance of these systems will degrade along with the emergence of new malware. To solve these problems, we propose an Unsupervised Domain Adaptation (UDA)-based malware detection method by jointly aligning the distribution of known and unknown malware. Firstly, the distribution divergence between the source and target domain is minimized with the help of symmetric adversarial learning to learn shared feature representations. Secondly, to further obtain semantic information of unlabeled target domain data, this paper reduces the class-level distribution divergence by aligning the class center of labeled source and pseudo-labeled target domain data. Finally, we mainly use a residual network with a self-attention mechanism to extract more accurate feature information. A series of experiments are performed on two public datasets. Experimental results illustrate that the proposed approach outperforms the existing detection methods with an accuracy of 95.63% and 95.04% in detecting unknown malware on two datasets, respectively.

Yinghua Gao,Yiming Li,Linghui Zhu,Dongxian Wu,Yong Jiang,Shu-Tao Xia

DOI: https://doi.org/10.1016/j.patcog.2023.109512

IF: 8

2023-03-18

Pattern Recognition

Abstract:Recent studies demonstrated that deep neural networks (DNNs) are vulnerable to backdoor attacks. The attacked model behaves normally on benign samples, while its predictions are misled whenever adversary-specified trigger patterns appear. Currently, clean-label backdoor attacks are usually regarded as the most stealthy methods in which adversaries can only poison samples from the target class without modifying their labels. However, these attacks can hardly succeed. In this paper, we reveal that the difficulty of clean-label attacks mainly lies in the antagonistic effects of 'robust features' related to the target class contained in poisoned samples. Specifically, robust features tend to be easily learned by victim models and thus undermine the learning of trigger patterns. Based on these understandings, we propose a simple yet effective plug-in method to enhance clean-label backdoor attacks by poisoning 'hard' instead of random samples. We adopt three classical difficulty metrics as examples to implement our method. We demonstrate that our method can consistently improve vanilla attacks, based on extensive experiments on benchmark datasets.

computer science, artificial intelligence,engineering, electrical & electronic

Liting Deng,Chengli Yu,Hui Wen,Mingfeng Xin,Yue Sun,Limin Sun,Hongsong Zhu

DOI: https://doi.org/10.1007/s11036-024-02383-z

2024-08-31

Mobile Networks and Applications

Abstract:Malware has now grown into one of the most important threats on the Internet. To meet this challenge, researchers regard malware classification as an effective method in malware analysis, which can classify the malicious samples with similar features into the same family. Although machine learning based malware classification models have great performance, they rely heavily on large-scale labeled datasets. In the real world, many malware families only have a small number of samples, which makes the traditional data-driven models perform poor results. In this paper, we propose an attention-based transductive learning network to solve the problem. In order to extract features, our approach first converts malware binaries into gray-scale images, and encodes them into feature maps using an embedding function. Then, we build a Gaussian similarity graph based on attention mechanism to transfer information from labeled instances to unknown instances. Through the end-to-end training, we demonstrate the effectiveness of the proposed approach on a malware dataset containing 11,236 samples with 30 different malware families. Comparing with state-of-the-art approaches, the experimental results show that our approach achieves a better performance.

computer science, information systems,telecommunications, hardware & architecture

Shigeng Zhang,Shuxin Chen,Chengyao Hua,Zhetao Li,Yanchun Li,Xuan Liu,Kai Chen,Zhankai Li,Weiping Wang

DOI: https://doi.org/10.1109/tifs.2023.3304455

IF: 7.231

2023-08-25

IEEE Transactions on Information Forensics and Security

Abstract:Deep neural network (DNN) models have been widely used in many tasks due to their superior performance. However, DNN models are usually vulnerable to adversarial example attacks, which limits their applications in many safety-critic scenarios. How to effectively detect adversarial examples to enhance the robustness of DNN models has attracted much attention in recent years. Most adversarial example detection methods require modifying or retraining the model, which is impractical and reduces the classification accuracy of normal examples. In this paper, we propose an adversarial example detection approach that does not require modification of the DNN models and meanwhile retains the classification accuracy of normal examples. The key observation is that when we transform the input example with some operations (e.g., masking a pixel with a reference value), feed the transformed example to the target model, and use the output of the intermediate layers to predict the label of the example, the generated label sequences of adversarial examples will be extremely discrepant but the label sequences of normal examples keep nearly unchanged. Motivated by this observation, we design an approach to detect adversarial examples based on the label sequence discrepancy (LSD) of the given examples. The experimental results against five mainstream adversarial attacks on three benchmark datasets demonstrate that LSD outperforms the state-of-the-art solutions in the detection rate of adversarial examples. Moreover, LSD performs well at various confidence levels and exhibits good generalizability between different attacks.

computer science, theory & methods,engineering, electrical & electronic