Adversarial Robustness of Deep Learning-based Malware Detectors via (De)Randomized Smoothing
Deep learning-based malware detectors have been shown to be susceptible to adversarial malware examples, i.e. malware examples that have been deliberately manipulated in order to avoid detection. In light of the vulnerability of deep learning detectors to subtle input file modifications, we propose...
| Autores: | , , , |
|---|---|
| Tipo de recurso: | artículo |
| Estado: | Versión publicada |
| Fecha de publicación: | 2024 |
| País: | España |
| Institución: | Varias* (Consorci de Biblioteques Universitáries de Catalunya, Centre de Serveis Científics i Acadèmics de Catalunya) |
| Repositorio: | Recercat. Dipósit de la Recerca de Catalunya |
| OAI Identifier: | oai:recercat.cat:10459.1/465657 |
| Acceso en línea: | https://doi.org/10.1109/ACCESS.2024.3392391 https://hdl.handle.net/10459.1/465657 |
| Access Level: | acceso abierto |
| Palabra clave: | Adversarial defense (de)randomized smoothing Evasion attacks Machine learning |
| id |
ES_ed4e6fb377b412e8a0c3e45f761e7c00 |
|---|---|
| oai_identifier_str |
oai:recercat.cat:10459.1/465657 |
| network_acronym_str |
ES |
| network_name_str |
España |
| repository_id_str |
|
| spelling |
Adversarial Robustness of Deep Learning-based Malware Detectors via (De)Randomized SmoothingGibert Llauradó, DanielZizzo, GiulioLe, QuanPlanes Cid, JordiAdversarial defense(de)randomized smoothingEvasion attacksMachine learningDeep learning-based malware detectors have been shown to be susceptible to adversarial malware examples, i.e. malware examples that have been deliberately manipulated in order to avoid detection. In light of the vulnerability of deep learning detectors to subtle input file modifications, we propose a practical defense against adversarial malware examples inspired by (de)randomized smoothing. In this work, we reduce the chances of sampling adversarial content injected by malware authors by selecting correlated subsets of bytes, rather than using Gaussian noise to randomize inputs like in the Computer Vision domain. During training, our chunk-based smoothing scheme trains a base classifier to make classifications on a subset of contiguous bytes or chunk of bytes. At test time, a large number of chunks are then classified by a base classifier and the consensus among these classifications is then reported as the final prediction. We propose two strategies to determine the location of the chunks used for classification: (1) randomly selecting the locations of the chunks and (2) selecting contiguous adjacent chunks. To showcase the effectiveness of our approach, we have trained two classifiers with our chunk-based smoothing schemes on the BODMAS dataset. Our findings reveal that the chunk-based smoothing classifiers exhibit greater resilience against adversarial malware examples generated with state-of-the-art evasion attacks, outperforming a non-smoothed classifier and a randomized smoothing-based classifier by a great margin.This project has received funding from Enterprise Ireland and the European Union’s Horizon 2020 Research and Innovation Programme under the Marie Skłodowska-Curie grant agreement No 847402 and by MCIN/AEI/10.13039/501100011033/FEDER, UE under the project PID2022-139835NB-C22.Institute of Electrical and Electronics Engineers2024info:eu-repo/semantics/articleinfo:eu-repo/semantics/publishedVersionapplication/pdfhttps://doi.org/10.1109/ACCESS.2024.3392391https://hdl.handle.net/10459.1/465657reponame:Recercat. Dipósit de la Recerca de Catalunyainstname:Varias* (Consorci de Biblioteques Universitáries de Catalunya, Centre de Serveis Científics i Acadèmics de Catalunya)Inglésinfo:eu-repo/grantAgreement/AEI/Plan Estatal de Investigación Científica y Técnica y de Innovación 2021-2023/PID2022-139835NB-C22Reproducció del document publicat a https://doi.org/10.1109/ACCESS.2024.3392391IEEE Access, 2024, vol. 12, p. 61152-61162info:eu-repo/grantAgreement/EC/H2020/847402cc-by (c) Daniel Gibert et al., 2024info:eu-repo/semantics/openAccesshttps://creativecommons.org/licenses/by/4.0/oai:recercat.cat:10459.1/4656572026-05-29T05:05:01Z |
| dc.title.none.fl_str_mv |
Adversarial Robustness of Deep Learning-based Malware Detectors via (De)Randomized Smoothing |
| title |
Adversarial Robustness of Deep Learning-based Malware Detectors via (De)Randomized Smoothing |
| spellingShingle |
Adversarial Robustness of Deep Learning-based Malware Detectors via (De)Randomized Smoothing Gibert Llauradó, Daniel Adversarial defense (de)randomized smoothing Evasion attacks Machine learning |
| title_short |
Adversarial Robustness of Deep Learning-based Malware Detectors via (De)Randomized Smoothing |
| title_full |
Adversarial Robustness of Deep Learning-based Malware Detectors via (De)Randomized Smoothing |
| title_fullStr |
Adversarial Robustness of Deep Learning-based Malware Detectors via (De)Randomized Smoothing |
| title_full_unstemmed |
Adversarial Robustness of Deep Learning-based Malware Detectors via (De)Randomized Smoothing |
| title_sort |
Adversarial Robustness of Deep Learning-based Malware Detectors via (De)Randomized Smoothing |
| dc.creator.none.fl_str_mv |
Gibert Llauradó, Daniel Zizzo, Giulio Le, Quan Planes Cid, Jordi |
| author |
Gibert Llauradó, Daniel |
| author_facet |
Gibert Llauradó, Daniel Zizzo, Giulio Le, Quan Planes Cid, Jordi |
| author_role |
author |
| author2 |
Zizzo, Giulio Le, Quan Planes Cid, Jordi |
| author2_role |
author author author |
| dc.subject.none.fl_str_mv |
Adversarial defense (de)randomized smoothing Evasion attacks Machine learning |
| topic |
Adversarial defense (de)randomized smoothing Evasion attacks Machine learning |
| description |
Deep learning-based malware detectors have been shown to be susceptible to adversarial malware examples, i.e. malware examples that have been deliberately manipulated in order to avoid detection. In light of the vulnerability of deep learning detectors to subtle input file modifications, we propose a practical defense against adversarial malware examples inspired by (de)randomized smoothing. In this work, we reduce the chances of sampling adversarial content injected by malware authors by selecting correlated subsets of bytes, rather than using Gaussian noise to randomize inputs like in the Computer Vision domain. During training, our chunk-based smoothing scheme trains a base classifier to make classifications on a subset of contiguous bytes or chunk of bytes. At test time, a large number of chunks are then classified by a base classifier and the consensus among these classifications is then reported as the final prediction. We propose two strategies to determine the location of the chunks used for classification: (1) randomly selecting the locations of the chunks and (2) selecting contiguous adjacent chunks. To showcase the effectiveness of our approach, we have trained two classifiers with our chunk-based smoothing schemes on the BODMAS dataset. Our findings reveal that the chunk-based smoothing classifiers exhibit greater resilience against adversarial malware examples generated with state-of-the-art evasion attacks, outperforming a non-smoothed classifier and a randomized smoothing-based classifier by a great margin. |
| publishDate |
2024 |
| dc.date.none.fl_str_mv |
2024 |
| dc.type.none.fl_str_mv |
info:eu-repo/semantics/article info:eu-repo/semantics/publishedVersion |
| format |
article |
| status_str |
publishedVersion |
| dc.identifier.none.fl_str_mv |
https://doi.org/10.1109/ACCESS.2024.3392391 https://hdl.handle.net/10459.1/465657 |
| url |
https://doi.org/10.1109/ACCESS.2024.3392391 https://hdl.handle.net/10459.1/465657 |
| dc.language.none.fl_str_mv |
Inglés |
| language_invalid_str_mv |
Inglés |
| dc.relation.none.fl_str_mv |
info:eu-repo/grantAgreement/AEI/Plan Estatal de Investigación Científica y Técnica y de Innovación 2021-2023/PID2022-139835NB-C22 Reproducció del document publicat a https://doi.org/10.1109/ACCESS.2024.3392391 IEEE Access, 2024, vol. 12, p. 61152-61162 info:eu-repo/grantAgreement/EC/H2020/847402 |
| dc.rights.none.fl_str_mv |
cc-by (c) Daniel Gibert et al., 2024 info:eu-repo/semantics/openAccess https://creativecommons.org/licenses/by/4.0/ |
| rights_invalid_str_mv |
cc-by (c) Daniel Gibert et al., 2024 https://creativecommons.org/licenses/by/4.0/ |
| eu_rights_str_mv |
openAccess |
| dc.format.none.fl_str_mv |
application/pdf |
| dc.publisher.none.fl_str_mv |
Institute of Electrical and Electronics Engineers |
| publisher.none.fl_str_mv |
Institute of Electrical and Electronics Engineers |
| dc.source.none.fl_str_mv |
reponame:Recercat. Dipósit de la Recerca de Catalunya instname:Varias* (Consorci de Biblioteques Universitáries de Catalunya, Centre de Serveis Científics i Acadèmics de Catalunya) |
| instname_str |
Varias* (Consorci de Biblioteques Universitáries de Catalunya, Centre de Serveis Científics i Acadèmics de Catalunya) |
| reponame_str |
Recercat. Dipósit de la Recerca de Catalunya |
| collection |
Recercat. Dipósit de la Recerca de Catalunya |
| repository.name.fl_str_mv |
|
| repository.mail.fl_str_mv |
|
| _version_ |
1869423443044204544 |
| score |
15,81155 |