Black-Box Adversarial Attacks Against Deep Learning Based Malware Binaries Detection with GAN

Junkun Yuan, Shaofang Zhou, Lanfen Lin, Feng Wang, Jia Cui
DOI: https://doi.org/10.3233/faia200388
2020-01-01
Abstract: For efficient malware detection, there are more and more deep learning methods based on raw software binaries. Recent studies show that deep learning models can easily be fooled into making a wrong decision by introducing subtle perturbations to inputs, which has attracted a large influx of work on adversarial attacks. However, most of the existing attack methods are based on manual features (e.g., API calls) or operate in the white-box setting, making the attacks impractical in current real-world scenarios. In this work, we propose a novel attack framework called GAPGAN, which generates adversarial payloads (padding bytes) with generative adversarial networks (GANs). To the best of our knowledge, it is the first work that performs end-to-end black-box attacks at the byte level against deep learning based malware binaries detection. In our attack framework, we map input discrete malware binaries to continuous space, then feed them to the generator of GAPGAN to generate adversarial payloads. We append payloads to the original binaries to craft an adversarial sample while preserving its functionality. We propose to use a dynamic threshold for reducing the loss of the effectiveness of the payloads when mapping them from continuous format back to the original discrete format. For balancing the attention of the generator to the payloads and the adversarial samples, we use an automatic weight tuning strategy. We train GAPGAN with both malicious and benign software. Once the training is finished, the generator can generate an adversarial sample with only the input malware in less than twenty milliseconds. We apply GAPGAN to attack the state-of-the-art detector MalConv and achieve 100% attack success rate with only appending payloads of 2.5% of the total length of the data for detection. We also attack deep learning models with different structures under different defense methods. The experiments show that GAPGAN outperforms other state-of-the-art attack models in efficiency and effectiveness.