对抗训练驱动的恶意代码检测增强方法

doi:10.11959/j.issn.1000-436x.2022171

Abstract

Abstract:

To solve the deficiency of the malicious code detector’s ability to detect adversarial input, an adversarial training driven malicious code detection enhancement method was proposed.Firstly, the applications were preprocessed by a decompiler tool to extract API call features and map them into binary feature vectors.Secondly, the Wasserstein generative adversarial network was introduced to build a benign sample library to provide a richer combination of perturbations for malicious sample evasion detectors.Then, a perturbation reduction algorithm based on logarithmic backtracking was proposed.The benign samples were added to the malicious code in the form of perturbations, and the added benign perturbations were culled dichotomously to reduce the number of perturbations with fewer queries.Finally, the adversarial malicious code samples were marked as malicious and the detector was retrained to improve its accuracy and robustness of the detector.The experimental results show that the generated malicious code adversarial samples can evade the detector well.Additionally, the adversarial training increases the target detector’s accuracy and robustness.

Key words: adversarial training, detection enhancement, generative adversarial network, perturbation reduction

CLC Number:

TN92

Yanhua LIU, Jiaqi LI, Zhengui OU, Xiaoling GAO, Ximeng LIU, Weizhi MENG, Baoxu LIU. Adversarial training driven malicious code detection enhancement method[J]. Journal on Communications, 2022, 43(9): 169-180.

Figures/Tables 19

References 22

[1]	胡建伟, 车欣, 周漫 ,等．基于高斯混合模型的增量聚类方法识别恶意软件家族［J］．通信学报, 2019,40(6): 148-159．
	HU J W , CHE X , ZHOU M ,et al． Incremental clustering method based on Gaussian mixture model to identify malware family［J］． Journal on Communications, 2019,40(6): 148-159．
[2]	WANG S S , CHEN Z X , YAN Q B ,et al． Deep and broad URL feature mining for android malware detection［J］． Information Sciences, 2020,513: 600-613．
[3]	ONWUZURIKE L , MARICONTI E , ANDRIOTIS P ,et al． MaMaDroid:detecting android malware by building Markov chains of behavioral models［J］． ACM Transactions on Privacy and Security, 2019,22(2): 1-34．
[4]	刘奇旭, 王君楠, 尹捷 ,等．对抗机器学习在网络入侵检测领域的应用［J］．通信学报, 2021,42(11): 1-12．
	LIU Q X , WANG J N , YIN J ,et al． Application of adversarial machine learning in network intrusion detection［J］． Journal on Communications, 2021,42(11): 1-12．
[5]	李盼, 赵文涛, 刘强 ,等．机器学习安全性问题及其防御技术研究综述［J］．计算机科学与探索, 2018,12(2): 171-184．
	LI P , ZHAO W T , LIU Q ,et al． Security issues and their countermeasuring techniques of machine learning:a survey［J］． Journal of Frontiers of Computer Science and Technology, 2018,12(2): 171-184．
[6]	DEMETRIO L , COULL S E , BIGGIO B ,et al． Adversarial EXEmples:a survey and experimental evaluation of practical attacks on machine learning for windows malware detection［J］． ACM Transactions on Privacy and Security, 2021,24(4): 1-31．
[7]	LI D Q , LI Q M , YE Y F ,et al． Arms race in adversarial malware detection:a survey［J］． ACM Computing Surveys, 2021,55(1): 1-35．
[8]	MIRZAEIAN A , KOSECKA J , HOMAYOUN H ,et al． Diverse knowledge distillation (DKD):a solution for improving the robustness of ensemble models against adversarial attacks［C］// Proceedings of 2021 22nd International Symposium on Quality Electronic Design． Piscataway:IEEE Press, 2021: 319-324．
[9]	KWON H , LEE J ． Diversity adversarial training against adversarial attack on deep neural networks［J］． Symmetry, 2021,13(3): 428．
[10]	WANG D R , LI C R , WEN S ,et al． Defending against adversarial attack towards deep neural networks via collaborative multi-task training［J］． IEEE Transactions on Dependable and Secure Computing, 2022,19(2): 953-965．
[11]	LI D Q , LI Q M ． Adversarial deep ensemble:evasion attacks and defenses for malware detection［J］． IEEE Transactions on Information Forensics and Security, 2020,15: 3886-3900．
[12]	WANG J N , LIU Q X , LIU C G ,et al． GAN-based adversarial patch for malware C2 traffic to bypass DL detector［C］// Information and Communications Security． Berlin:Springer, 2021: 78-96．
[13]	WANG C Y , ZHANG L L , ZHAO K ,et al． AdvAndMal:adversarial training for android malware detection and family classification［J］． Symmetry, 2021,13(6): 1081．
[14]	GOODFELLOW I , POUGET-ABADIE J , MIRZA M ,et al． Generative adversarial networks［J］． Communications of the ACM, 2020,63(11): 139-144．
[15]	KIM J Y , BU S J , CHO S B ． Malware detection using deep transferred generative adversarial networks［C］// Neural Information Processing． Berlin:Springer, 2017: 556-564．
[16]	KIM J Y , BU S J , CHO S B ． Zero-day malware detection using transferred generative adversarial networks based on deep autoencoders［J］． Information Sciences, 2018,460/461: 83-102．
[17]	LIU Y H , LI J Q , LIU B X ,et al． Malware detection method based on image analysis and generative adversarial networks［J］． Concurrency and Computation:Practice and Experience,2022:doi．org/10．1002/cpe.7170．
[18]	SUCIU O , COULL S E , JOHNS J ． Exploring adversarial examples in malware detection［C］// Proceedings of 2019 IEEE Security and Privacy Workshops． Piscataway:IEEE Press, 2019: 8-14．
[19]	HU W W , TAN Y ． Generating adversarial malware examples for black-box attacks based on GAN［J］． arXiv Preprint,arXiv:1702．05983, 2017．
[20]	王万良, 李卓蓉．生成式对抗网络研究进展［J］．通信学报, 2018,39(2): 135-148．
	WANG W L , LI Z R ． Advances in generative adversarial network［J］． Journal on Communications, 2018,39(2): 135-148．
[21]	唐川, 张义, 杨岳湘 ,等． DroidGAN:基于DCGAN的Android对抗样本生成框架［J］．通信学报, 2018,39(S1): 64-69．
	TANG C , ZHANG Y , YANG Y X ,et al． DroidGAN:Android adversarial sample generation framework based on DCGAN［J］． Journal on Communications, 2018,39(S1): 64-69．
[22]	ARJOVSKY M , CHINTALA S , BOTTOU L ． Wasserstein generative adversarial networks［C］// Proceedings of the 34th International Conference on Machine Learning．［S．l．］: JMLR.org, 2017: 214-223．

Metrics

Recommended 0

No Suggested Reading articles found!

样本名称	描述
良性样本	基于WGAN模型生成的被恶意代码检测器判断为良性的样本
扰动样本	将良性样本的 API 特征以扰动的形式添加到恶意代码样本中，生成扰动样本
对抗样本	对扰动样本进行筛选，针对可以成功绕过恶意代码检测器的样本执行扰动删减算法，得到具有绕过恶意代码检测器检测的能力和较低攻击成本的对抗样本

参数名	参数值	描述
epoch	20 000	训练次数
optimizer	RMSProp	优化器
α	0.000 05	学习率
m	64	批次大小
c	0.01	判别器的权值剪裁阈值
ncritic	5	每轮训练中判别迭代次数

检测器	RF	LR	DT	SVM	MLP
D	99.93%	99.96%	99.93%	99.65%	99.82%
D_AT	100.00%	99.84%	100.00%	99.76%	99.94%

检测器	DT	MLP	LR
D	96.90%	96.97%	94.34%
D_AT	99.75%	98.33%	94.99%

攻击模型	RF	LR	DT	SVM	MLP
AE₁	99.60%	87.97%	99.97%	91.38%	94.68%
AE₂	14.40%	32.54%	89.23%	9.18%	29.78%

Adversarial training driven malicious code detection enhancement method

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 19

References 22

Related Articles 14

Metrics

Recommended 0

攻击模型	DT	MLP	LR
AE₁	87.11%	64.80%	71.09%
AE₂	65.96%	17.56%	23.79%

[1]	Jiale ZHANG, Chengcheng ZHU, Xiaobing SUN, Bing CHEN. Membership inference attack and defense method in federated learning based on GAN [J]. Journal on Communications, 2023, 44(5): 193-205.
[2]	Xin SUN, Guifu ZHANG, Hongyan XING, Wang Zenghui. Research on intrusion detection for maritime meteorological sensor network based on balancing generative adversarial network [J]. Journal on Communications, 2023, 44(4): 124-136.
[3]	Lingtao TANG, Di WANG, Shengyun LIU. Data augmentation scheme for federated learning with non-IID data [J]. Journal on Communications, 2023, 44(1): 164-176.
[4]	Yanwen WANG, Weimin LEI, Wei ZHANG, Huan MENG, Xinyi CHEN, Wenhui YE, Qingyang JING. Survey on video image reconstruction method based on generative model [J]. Journal on Communications, 2022, 43(9): 194-208.
[5]	Xueyuan DUAN, Yu FU, Kun WANG. Multi-dimensional time series anomaly detection method based on VAE-WGAN [J]. Journal on Communications, 2022, 43(3): 1-13.
[6]	Xiayu XIANG, Jiahui WANG, Zirui WANG, Shaoming DUAN, Hezhong PAN, Rongfei ZHUANG, Peiyi HAN, Chuanyi LIU. Generate medical synthetic data based on generative adversarial network [J]. Journal on Communications, 2022, 43(3): 211-224.
[7]	Yanhui LU, Han LIU, Hang LI, Guangxu ZHU. Time series generation model based on multi-discriminator generative adversarial network [J]. Journal on Communications, 2022, 43(10): 167-176.
[8]	Wei LIU, Cheng CHEN, Rui JIANG, Tao LU. Four-path unsupervised learning-based image defogging network [J]. Journal on Communications, 2022, 43(10): 210-222.
[9]	Zhili ZHOU, Meimin WANG, Gaobo YANG, Jianyu ZHU, Xingming SUN. Generative steganography method based on auto-generation of contours [J]. Journal on Communications, 2021, 42(9): 144-154.
[10]	Hongyan WANG, Xiao YANG, Yanchao JIANG, Zumin WANG. Image denoising algorithm based on multi-channel GAN [J]. Journal on Communications, 2021, 42(3): 229-237.
[11]	Zunwen HE, Shuai HOU, Wancheng ZHANG, Yan ZHANG. Multi-feature fusion classification method for communication specific emitter identification [J]. Journal on Communications, 2021, 42(2): 103-112.
[12]	Linhui LI,Bin ZHOU,Jing LIAN,Yafu ZHOU. Research on pedestrian trajectory prediction method based on social attention mechanism [J]. Journal on Communications, 2020, 41(6): 175-183.
[13]	Hongjun LI,Chaobo LI,Shibing ZHANG. Noise robust chi-square generative adversarial network [J]. Journal on Communications, 2020, 41(3): 33-44.
[14]	Wanliang WANG,Zhuorong LI. Advances in generative adversarial network [J]. Journal on Communications, 2018, 39(2): 135-148.