We consider the problem of adversarial malware generation, in which a cyber-attacker's task is to strategically modify certain bytes within existing binary malware files so that the modified files are able to evade a malware detector, such as a machine learning-based malware classifier. We evaluated three recent adversarial malware generation techniques using binary malware samples drawn from a single, publicly available malware data set, and compared their performance at evading a machine learning-based malware classifier called MalConv. Our results show that, among the compared techniques, the most effective is the one that strategically modifies bytes in a binary's header. We conclude by discussing the lessons learned and future research directions on the topic of adversarial malware generation.