Visible to the public Adversarial Machine Learning in Malware Detection: Arms Race between Evasion Attack and Defense

TitleAdversarial Machine Learning in Malware Detection: Arms Race between Evasion Attack and Defense
Publication TypeConference Paper
Year of Publication2017
AuthorsL. Chen, Y. Ye, T. Bourlai
Conference Name2017 European Intelligence and Security Informatics Conference (EISIC)
Date PublishedSept
KeywordsAdversarial Machine Learning, application program interfaces, Articles of Interest, C3E 2019, classifier retraining technique, Cognitive Security, Comodo cloud security center, computer security, data mining, Data models, Evasion Attack and Defense, evasion attack model, evasion cost, EvnAttack, Extraction, feature extraction, feature manipulations, invasive software, learning (artificial intelligence), learning-based classifier, Malware, malware detection, pattern classification, PE files, portable executable files, SecDefender, secure-learning paradigm, security regularization term, Windows API calls, Windows application programming interface calls
AbstractSince malware has caused serious damages and evolving threats to computer and Internet users, its detection is of great interest to both anti-malware industry and researchers. In recent years, machine learning-based systems have been successfully deployed in malware detection, in which different kinds of classifiers are built based on the training samples using different feature representations. Unfortunately, as classifiers become more widely deployed, the incentive for defeating them increases. In this paper, we explore the adversarial machine learning in malware detection. In particular, on the basis of a learning-based classifier with the input of Windows Application Programming Interface (API) calls extracted from the Portable Executable (PE) files, we present an effective evasion attack model (named EvnAttack) by considering different contributions of the features to the classification problem. To be resilient against the evasion attack, we further propose a secure-learning paradigm for malware detection (named SecDefender), which not only adopts classifier retraining technique but also introduces the security regularization term which considers the evasion cost of feature manipulations by attackers to enhance the system security. Comprehensive experimental results on the real sample collections from Comodo Cloud Security Center demonstrate the effectiveness of our proposed methods.
Citation Key8240775