Black-Box Attacks against RNN based Malware Detection Algorithms
This addresses a security problem for malware detection systems, showing incremental advancement by extending adversarial attacks to sequential models.
The paper tackles the vulnerability of RNN-based malware detection systems by proposing a novel algorithm to generate sequential adversarial examples, which successfully bypass detection in most cases as shown in experiments.
Recent researches have shown that machine learning based malware detection algorithms are very vulnerable under the attacks of adversarial examples. These works mainly focused on the detection algorithms which use features with fixed dimension, while some researchers have begun to use recurrent neural networks (RNN) to detect malware based on sequential API features. This paper proposes a novel algorithm to generate sequential adversarial examples, which are used to attack a RNN based malware detection system. It is usually hard for malicious attackers to know the exact structures and weights of the victim RNN. A substitute RNN is trained to approximate the victim RNN. Then we propose a generative RNN to output sequential adversarial examples from the original sequential malware inputs. Experimental results showed that RNN based malware detection algorithms fail to detect most of the generated malicious adversarial examples, which means the proposed model is able to effectively bypass the detection algorithms.