TY - JOUR
T1 - Robustness Certification Method for Malware Recognition Deep Learning Models Based on Random Smoothing
AU - Luo, Senlin
AU - Lu, Shuai
AU - Zhang, Yifei
AU - Pan, Limin
N1 - Publisher Copyright:
© 2023 Beijing Institute of Technology. All rights reserved.
PY - 2023/2
Y1 - 2023/2
N2 - Robustness, the ability to resist uncertain disturbances, is an important index of a machine learning model. Certification methods based on random smoothing can certify the robustness of large and complex models. In the malware identification task, however, noise samples obtained by adding noise to all features with a random smoothing algorithm may lose their malicious function. Existing certification algorithms construct the certified region by taking the likelihood ratio of the noise spatial distribution from large to small, which makes the certified robust region small and the certified accuracy poor. A robustness certification method based on random smoothing is therefore proposed for malware recognition deep learning models. The method adds discrete Bernoulli noise only to the features that are not necessary for the malicious function to construct a certifiable smoothing model, and selects the region with the smaller likelihood ratio to construct the certified region, achieving more accurate certified robustness. Experimental results show that the average certified radius of the proposed method on three data sets is 4.37 times, 2.67 times and 2.72 times that of the comparison method. The method provides a certified radius closer to the actual robust boundary and has strong practical value in evaluating model robustness.
KW - certified robustness
KW - malware
KW - random smoothing
UR - http://www.scopus.com/inward/record.url?scp=85170287402&partnerID=8YFLogxK
U2 - 10.15918/j.tbit1001-0645.2022.044
DO - 10.15918/j.tbit1001-0645.2022.044
M3 - Article
AN - SCOPUS:85170287402
SN - 1001-0645
VL - 43
SP - 197
EP - 202
JO - Beijing Ligong Daxue Xuebao/Transaction of Beijing Institute of Technology
JF - Beijing Ligong Daxue Xuebao/Transaction of Beijing Institute of Technology
IS - 2
ER -