The Power of MEME: Adversarial Malware Creation with Model-Based Reinforcement Learning
Result identifiers
Result code in IS VaVaI
RIV/68407700:21230/24:00371216 - isvavai.cz (https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F24%3A00371216)
Result on the web
https://doi.org/10.1007/978-3-031-51482-1_3
DOI - Digital Object Identifier
10.1007/978-3-031-51482-1_3 (http://dx.doi.org/10.1007/978-3-031-51482-1_3)
Alternative languages
Language of the result
English
Title in the original language
The Power of MEME: Adversarial Malware Creation with Model-Based Reinforcement Learning
Description of the result in the original language
Due to the proliferation of malware, defenders are increasingly turning to automation and machine learning as part of the malware detection toolchain. However, machine learning models are susceptible to adversarial attacks, requiring the testing of model and product robustness. Meanwhile, attackers also seek to automate malware generation and evasion of antivirus systems, and defenders try to gain insight into their methods. This work proposes a new algorithm that combines Malware Evasion and Model Extraction (MEME) attacks. MEME uses model-based reinforcement learning to adversarially modify Windows executable binary samples while simultaneously training a surrogate model with a high agreement with the target model to evade. To evaluate this method, we compare it with two state-of-the-art attacks in adversarial malware creation, using three well-known published models and one antivirus product as targets. Results show that MEME outperforms the state-of-the-art methods in terms of evasion capabilities in almost all cases, producing evasive malware with an evasion rate in the range of 32–73%. It also produces surrogate models with a prediction label agreement with the respective target models between 97–99%. The surrogate could be used to fine-tune and improve the evasion rate in the future.
Title in English
The Power of MEME: Adversarial Malware Creation with Model-Based Reinforcement Learning
Description of the result in English
Due to the proliferation of malware, defenders are increasingly turning to automation and machine learning as part of the malware detection toolchain. However, machine learning models are susceptible to adversarial attacks, requiring the testing of model and product robustness. Meanwhile, attackers also seek to automate malware generation and evasion of antivirus systems, and defenders try to gain insight into their methods. This work proposes a new algorithm that combines Malware Evasion and Model Extraction (MEME) attacks. MEME uses model-based reinforcement learning to adversarially modify Windows executable binary samples while simultaneously training a surrogate model with a high agreement with the target model to evade. To evaluate this method, we compare it with two state-of-the-art attacks in adversarial malware creation, using three well-known published models and one antivirus product as targets. Results show that MEME outperforms the state-of-the-art methods in terms of evasion capabilities in almost all cases, producing evasive malware with an evasion rate in the range of 32–73%. It also produces surrogate models with a prediction label agreement with the respective target models between 97–99%. The surrogate could be used to fine-tune and improve the evasion rate in the future.
Classification
Type
D - Conference proceedings paper
CEP field
—
OECD FORD field
10201 - Computer sciences, information science, bioinformatics (hardware development to be 2.2, social aspect to be 5.8)
Result linkages
Project
VJ02010020: AI-Dojo: Multi-agent testbed for research and testing of artificial intelligence in cybersecurity (/cs/project/VJ02010020)
Linkages
P - Research and development project financed from public sources (with a link to CEP)
Other
Year of application
2024
Data confidentiality code
S - Complete and true data about the project are not subject to protection under special legal regulations
Data specific to the result type
Paper title in the proceedings
28th European Symposium on Research in Computer Security, The Hague, The Netherlands, September 25–29, 2023, Proceedings, Part I
ISBN
978-3-031-50593-5
ISSN
0302-9743
e-ISSN
—
Number of pages of the result
21
Pages from-to
44-64
Publisher name
Springer Nature Switzerland AG
Place of publication
Basel
Event venue
The Hague
Event date
25. 9. 2023
Event type by nationality
WRD - Worldwide event
UT WoS code of the article
001208360100003