Generic black-box end-to-end attack against state of the art API call based malware classifiers

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

45 Scopus citations

Abstract

In this paper, we present a black-box attack against API call based machine learning malware classifiers, focusing on generating adversarial sequences combining API calls and static features (e.g., printable strings) that will be misclassified by the classifier without affecting the malware functionality. We show that this attack is effective against many classifiers due to the transferability principle between RNN variants, feed forward DNNs, and traditional machine learning classifiers such as SVM. We also implement GADGET, a software framework to convert any malware binary to a binary undetected by malware classifiers, using the proposed attack, without access to the malware source code.

Original languageEnglish
Title of host publicationResearch in Attacks, Intrusions, and Defenses - 21st International Symposium, RAID 2018, Proceedings
EditorsMichael Bailey, Sotiris Ioannidis, Manolis Stamatogiannakis, Thorsten Holz
PublisherSpringer Verlag
Pages490-510
Number of pages21
ISBN (Print)9783030004699
DOIs
StatePublished - 1 Jan 2018
Event21st International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2018 - Heraklion, Greece
Duration: 10 Sep 201812 Sep 2018

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11050 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference21st International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2018
Country/TerritoryGreece
CityHeraklion
Period10/09/1812/09/18

Keywords

  • Adversarial attacks
  • Deep neural networks
  • Dynamic analysis
  • Malware classification
  • Transferability

Fingerprint

Dive into the research topics of 'Generic black-box end-to-end attack against state of the art API call based malware classifiers'. Together they form a unique fingerprint.

Cite this