With the rapid development of machine learning for image classification, researchers have found new applications of visualization techniques in malware detection. By converting binary code into images, researchers have shown satisfactory results in applying machine learning to extract features that are difficult to discover manually. Such visualization-based malware detection methods can capture malware patterns from many different malware families and improve malware detection speed. On the other hand, recent research has also shown adversarial attacks against such visualization-based malware detection. Attackers can generate adversarial examples by perturbing the malware binary in non-reachable regions, such as padding at the end of the binary. Alternatively, attackers can perturb the malware image embedding and then verify the executability of the malware post-transformation. One major limitation of the first attack scenario is that a simple pre-processing step can remove the perturbations before classification. For the second attack scenario, it is hard to maintain the original malware's executability and functionality. In this work, we provide literature review on existing malware visualization techniques and attacks against them. We summarize the limitation of the previous work, and design a new adversarial example attack against visualization-based malware detection that can evade pre-processing filtering and maintain the original malware functionality. We test our attack on a public malware dataset and achieve a 98% success rate.
翻译:随着图像分类的机器学习的迅速发展,研究人员在恶意软件检测中发现了可视化技术的新应用。通过将二进制代码转换成图像,研究人员在应用机器学习以提取难以人工发现的特征方面显示出令人满意的结果。这种基于视觉的恶意软件检测方法可以捕捉来自许多不同的恶意软件家庭的恶意软件模式,并提高恶意软件检测速度。另一方面,最近的研究还显示了对基于视觉的恶意软件检测的对抗性攻击。攻击者可以通过在不可接触区域中干扰恶意软件二进制生成对抗性实例,例如在二进制结尾插入。或者,攻击者可以渗透恶意软件图像嵌入并随后核查恶意软件后变异的可执行性。第一种攻击情景的一个主要局限性是,简单的预处理步骤可以在分类之前消除扰动性。在第二种攻击情景中,很难保持原始的恶意软件的可执行性和功能。在这项工作中,我们提供了现有的恶意软件可视化技术的文献审查,以及针对它们的攻击。我们总结了对恶意软件软件安装的恶意软件安装过程的极限性,我们先前的磁性工具测试了对98测试的正确性测试,我们之前的磁性工具测试了对攻击性测试,我们之前的正确性测试了对等工具的测试程序设计,我们可以保持了对等性测试。我们先前的磁性测试,对性测试了对性测试了对制磁性测试程序,对性测试了对性测试了对制磁性测试了原始的正确性测试,对制磁性测试了对制制能的测试。我们之前的正确性试验,对制制制制制制制制制制制制制制制制制制制制制制制制制制制制制制制制制制制制制制制制。