Generation & Evaluation of Adversarial Examples for Malware Obfuscation
This addresses a security vulnerability for malware detection systems, offering a novel method to create executable adversarial examples that evade defenses.
The paper tackles the problem of generating adversarial malware examples that evade image-based neural network classifiers by using obfuscation, achieving misclassification rates up to 100% in white-box and 98% in black-box settings while maintaining executability.
There has been an increased interest in the application of convolutional neural networks for image based malware classification, but the susceptibility of neural networks to adversarial examples allows malicious actors to evade classifiers. Adversarial examples are usually generated by adding small perturbations to the input that are unrecognizable to humans, but the same approach is not effective with malware. In general, these perturbations cause changes in the byte sequences that change the initial functionality or result in un-executable binaries. We present a generative model for executable adversarial malware examples using obfuscation that achieves a high misclassification rate, up to 100% and 98% in white-box and black-box settings respectively, and demonstrates transferability. We further evaluate the effectiveness of the proposed method by reporting insignificant change in the evasion rate of our adversarial examples against popular defense strategies.