Adversarial attack for malware detection based on deep neural networks

Abstract

Polymorphic and metamorphic methods have led to an exponential increase in malicious software. As the newborn malware have different signature before existing signatures, traditional signature-based detection is impossible to use to detect them. During the last decade, there is a lot of research that applies machine learning algorithms to malware detection. Besides, security startups, for example, DeepInstinct, BluVector, and SignalSense are emerging that use machine learning and neural networks for analyzing and detecting malware. However, machine learning models are vulnerable to adversarial examples, input data causing the model to make unintended result. In particular, the adversarial examples threatens security-critical applications or services, and malware detection is one of them. The adversarial example in malware detection means it can fool the target model to misclassify from malicious to normal but remaining the objective of malware authors.

In this thesis, we train the malware detection models based on 2D CNN and 1D CNN. Next is to find out how vulnerable they are through adversarial examples. In particular, this thesis proposes an attack method for generating adversarial examples for the binary code data and indirectly verify that they maintain feasibility and malicious function through dynamic analysis.