Generic black-box end-to-end attack against state of the art API call based malware classifiers

Ishai Rosenberg; Asaf Shabtai; Lior Rokach; Yuval Elovici

doi:10.1007/978-3-030-00470-5_23

Generic black-box end-to-end attack against state of the art API call based malware classifiers

Ishai Rosenberg, Asaf Shabtai, Lior Rokach, Yuval Elovici

Department of Software and Information Systems Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

135 Scopus citations

Abstract

In this paper, we present a black-box attack against API call based machine learning malware classifiers, focusing on generating adversarial sequences combining API calls and static features (e.g., printable strings) that will be misclassified by the classifier without affecting the malware functionality. We show that this attack is effective against many classifiers due to the transferability principle between RNN variants, feed forward DNNs, and traditional machine learning classifiers such as SVM. We also implement GADGET, a software framework to convert any malware binary to a binary undetected by malware classifiers, using the proposed attack, without access to the malware source code.

Original language	English
Title of host publication	Research in Attacks, Intrusions, and Defenses - 21st International Symposium, RAID 2018, Proceedings
Editors	Michael Bailey, Sotiris Ioannidis, Manolis Stamatogiannakis, Thorsten Holz
Publisher	Springer Verlag
Pages	490-510
Number of pages	21
ISBN (Print)	9783030004699
DOIs	https://doi.org/10.1007/978-3-030-00470-5_23
State	Published - 1 Jan 2018
Event	21st International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2018 - Heraklion, Greece Duration: 10 Sep 2018 → 12 Sep 2018

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	11050 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	21st International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2018
Country/Territory	Greece
City	Heraklion
Period	10/09/18 → 12/09/18

Keywords

Adversarial attacks
Deep neural networks
Dynamic analysis
Malware classification
Transferability

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-3-030-00470-5_23

Cite this

Rosenberg, I., Shabtai, A., Rokach, L., & Elovici, Y. (2018). Generic black-box end-to-end attack against state of the art API call based malware classifiers. In M. Bailey, S. Ioannidis, M. Stamatogiannakis, & T. Holz (Eds.), Research in Attacks, Intrusions, and Defenses - 21st International Symposium, RAID 2018, Proceedings (pp. 490-510). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11050 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-030-00470-5_23

Rosenberg, Ishai ; Shabtai, Asaf ; Rokach, Lior et al. / Generic black-box end-to-end attack against state of the art API call based malware classifiers. Research in Attacks, Intrusions, and Defenses - 21st International Symposium, RAID 2018, Proceedings. editor / Michael Bailey ; Sotiris Ioannidis ; Manolis Stamatogiannakis ; Thorsten Holz. Springer Verlag, 2018. pp. 490-510 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{5d2c93dc51e7478c8fdd6d995fd672e7,

title = "Generic black-box end-to-end attack against state of the art API call based malware classifiers",

abstract = "In this paper, we present a black-box attack against API call based machine learning malware classifiers, focusing on generating adversarial sequences combining API calls and static features (e.g., printable strings) that will be misclassified by the classifier without affecting the malware functionality. We show that this attack is effective against many classifiers due to the transferability principle between RNN variants, feed forward DNNs, and traditional machine learning classifiers such as SVM. We also implement GADGET, a software framework to convert any malware binary to a binary undetected by malware classifiers, using the proposed attack, without access to the malware source code.",

keywords = "Adversarial attacks, Deep neural networks, Dynamic analysis, Malware classification, Transferability",

author = "Ishai Rosenberg and Asaf Shabtai and Lior Rokach and Yuval Elovici",

note = "Publisher Copyright: {\textcopyright} Springer Nature Switzerland AG 2018.; 21st International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2018 ; Conference date: 10-09-2018 Through 12-09-2018",

year = "2018",

month = jan,

day = "1",

doi = "10.1007/978-3-030-00470-5_23",

language = "English",

isbn = "9783030004699",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "490--510",

editor = "Michael Bailey and Sotiris Ioannidis and Manolis Stamatogiannakis and Thorsten Holz",

booktitle = "Research in Attacks, Intrusions, and Defenses - 21st International Symposium, RAID 2018, Proceedings",

address = "Germany",

}

Rosenberg, I, Shabtai, A , Rokach, L & Elovici, Y 2018, Generic black-box end-to-end attack against state of the art API call based malware classifiers. in M Bailey, S Ioannidis, M Stamatogiannakis & T Holz (eds), Research in Attacks, Intrusions, and Defenses - 21st International Symposium, RAID 2018, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11050 LNCS, Springer Verlag, pp. 490-510, 21st International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2018, Heraklion, Greece, 10/09/18. https://doi.org/10.1007/978-3-030-00470-5_23

Generic black-box end-to-end attack against state of the art API call based malware classifiers. / Rosenberg, Ishai; Shabtai, Asaf ; Rokach, Lior et al.
Research in Attacks, Intrusions, and Defenses - 21st International Symposium, RAID 2018, Proceedings. ed. / Michael Bailey; Sotiris Ioannidis; Manolis Stamatogiannakis; Thorsten Holz. Springer Verlag, 2018. p. 490-510 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11050 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Generic black-box end-to-end attack against state of the art API call based malware classifiers

AU - Rosenberg, Ishai

AU - Shabtai, Asaf

AU - Rokach, Lior

AU - Elovici, Yuval

N1 - Publisher Copyright: © Springer Nature Switzerland AG 2018.

PY - 2018/1/1

Y1 - 2018/1/1

N2 - In this paper, we present a black-box attack against API call based machine learning malware classifiers, focusing on generating adversarial sequences combining API calls and static features (e.g., printable strings) that will be misclassified by the classifier without affecting the malware functionality. We show that this attack is effective against many classifiers due to the transferability principle between RNN variants, feed forward DNNs, and traditional machine learning classifiers such as SVM. We also implement GADGET, a software framework to convert any malware binary to a binary undetected by malware classifiers, using the proposed attack, without access to the malware source code.

AB - In this paper, we present a black-box attack against API call based machine learning malware classifiers, focusing on generating adversarial sequences combining API calls and static features (e.g., printable strings) that will be misclassified by the classifier without affecting the malware functionality. We show that this attack is effective against many classifiers due to the transferability principle between RNN variants, feed forward DNNs, and traditional machine learning classifiers such as SVM. We also implement GADGET, a software framework to convert any malware binary to a binary undetected by malware classifiers, using the proposed attack, without access to the malware source code.

KW - Adversarial attacks

KW - Deep neural networks

KW - Dynamic analysis

KW - Malware classification

KW - Transferability

UR - http://www.scopus.com/inward/record.url?scp=85053870606&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-00470-5_23

DO - 10.1007/978-3-030-00470-5_23

M3 - Conference contribution

AN - SCOPUS:85053870606

SN - 9783030004699

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 490

EP - 510

BT - Research in Attacks, Intrusions, and Defenses - 21st International Symposium, RAID 2018, Proceedings

A2 - Bailey, Michael

A2 - Ioannidis, Sotiris

A2 - Stamatogiannakis, Manolis

A2 - Holz, Thorsten

PB - Springer Verlag

T2 - 21st International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2018

Y2 - 10 September 2018 through 12 September 2018

ER -

Rosenberg I, Shabtai A , Rokach L , Elovici Y. Generic black-box end-to-end attack against state of the art API call based malware classifiers. In Bailey M, Ioannidis S, Stamatogiannakis M, Holz T, editors, Research in Attacks, Intrusions, and Defenses - 21st International Symposium, RAID 2018, Proceedings. Springer Verlag. 2018. p. 490-510. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-00470-5_23

Generic black-box end-to-end attack against state of the art API call based malware classifiers

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this