Auditing static machine learning anti-Malware tools against metamorphic attacks

Malicious software is one of the most serious cyber threats on the Internet today. Traditional malware detection has proven unable to keep pace with the sheer number of malware because of their growing complexity, new attacks and variants. Most malware implement various metamorphic techniques in ord...

Descripción completa

Detalles Bibliográficos
Autores: Gibert Llauradó, Daniel, Mateu Piñol, Carles, Planes Cid, Jordi, Marques-Silva, Joao
Tipo de recurso: artículo
Estado:Versión enviada para evaluación y publicación
Fecha de publicación:2021
País:España
Institución:Varias* (Consorci de Biblioteques Universitáries de Catalunya, Centre de Serveis Científics i Acadèmics de Catalunya)
Repositorio:Recercat. Dipósit de la Recerca de Catalunya
OAI Identifier:oai:recercat.cat:10459.1/71360
Acceso en línea:https://doi.org/10.1016/j.cose.2020.102159
http://hdl.handle.net/10459.1/71360
Access Level:acceso abierto
Palabra clave:Malware analysis
Malware classification
Software obfuscation
N-Gram extraction
Machine learning
Deep learning
Descripción
Sumario:Malicious software is one of the most serious cyber threats on the Internet today. Traditional malware detection has proven unable to keep pace with the sheer number of malware because of their growing complexity, new attacks and variants. Most malware implement various metamorphic techniques in order to disguise themselves, therefore preventing successful analysis and thwarting the detection by signature-based anti-malware engines. During the past decade, there has been an increase in the research and deployment of anti-malware engines powered by machine learning, and in particular deep learning, due to their ability to handle huge volumes of malware and generalize to never-before-seen samples. However, there is little research about the vulnerability of these models to adversarial examples. To fill this gap, this paper presents an exhaustive evaluation of the state-of-the-art approaches for malware classification against common metamorphic attacks. Given the limitations found in deep learning approaches, we present a simple architecture that increases 14.95% the classification performance with respect to MalConv’s architecture. Furthermore, the use of the metamorphic techniques to augment the training set is investigated and results show that it significantly improves the classification of malware belonging to families with few samples.