Go to DBLP homepageGradient-Based Adversarial Attacks Against Malware Detection by Instruction Replacement
Abstract: Deep learning plays a vital role in malware detection. The Malconv is a well-known deep learning-based open source malware detection framework and is trained on raw bytes for malware binary detection. Researchers propose adversarial example generation strategies to evade the Malconv by modifying the PE headers or the end of malware. However, these strategies that focus on non-executable portions can be easily pre-processed before classification. Therefore, we propose a new instructions replacement strategy to overcome these flaws. This paper reviews the research progress on adversarial example generation strategies for the Malconv in recent years, analyzes the reason why the Malconv can be evaded by adversarial examples and identifies two layers of the Malconv that can be attacked, and propose the gradient-based instructions replacement strategy named EFGSM that is an enhanced Fast Gradient Sign Method (FGSM), and sheds light on future work in adversarial example defense strategies for the Malconv. The paper assesses the performance of our EFGSM and existing adversarial example generation strategies upon 200 malware. The results of the evaluation show that our strategy improves the success rate from 68% to 81.5% and takes less time to generate malware examples. The paper also assesses the evasion performance of adversarial examples in three antiviruses. The results depict that our strategy is the state of the art.
Loading