Hemant Rathore, Taeeb Bandwala, S. Sahay, Mohit Sewak
Title: Are CNN based Malware Detection Models Robust?: Developing Superior Models using Adversarial Attack and Defense
Authors: Hemant Rathore, Taeeb Bandwala, S. Sahay, Mohit Sewak
DOI: 10.1145/3485730.3492867 (https://doi.org/10.1145/3485730.3492867)
Published in: Proceedings of the 19th ACM Conference on Embedded Networked Sensor Systems
Publication date: 2021-11-15
Open access: no
Citations: 0
Abstract
The tremendous increase of malicious applications in the Android ecosystem has prompted researchers to explore deep learning based malware detection models. However, research in other domains suggests that deep learning models are adversarially vulnerable, and thus we aim to investigate the robustness of deep learning based malware detection models. We first developed two image-based E-CNN malware detection models based on Android permissions and intents. We then acted as an adversary and designed the ECO-FGSM evasion attack against the above models, which achieved a fooling rate of more than 50% with limited perturbations. The evasion attack converts the maximum number of malware samples into adversarial samples while minimizing the perturbations and maintaining each sample's syntactical, functional, and behavioral integrity. Later, we used adversarial retraining to counter the evasion attack and develop adversarially superior malware detection models, which should be an essential step before any real-world deployment.