Black-Box Evasion Attack Method Based on Confidence Score of Benign Samples

Shaohan Wu, Jingfeng Xue, Yong Wang*, Zixiao Kong

*此作品的通讯作者

科研成果: 期刊稿件文章同行评审

摘要

Recently, malware detection models based on deep learning have gradually replaced manual analysis as the first line of defense for anti-malware systems. However, it has been shown that these models are vulnerable to a specific class of inputs called adversarial examples. It is possible to evade the detection model by adding some carefully crafted tiny perturbations to the malicious samples without changing the sample functions. Most of the adversarial example generation methods ignore the information contained in the detection results of benign samples from detection models. Our method extracts sequence fragments called benign payload from benign samples based on detection results and uses an RNN generative model to learn benign features embedded in these sequences. Then, we use the end of the original malicious sample as input to generate an adversarial perturbation that reduces the malicious probability of the sample and append it to the end of the sample to generate an adversarial sample. According to different adversarial scenarios, we propose two different generation strategies, which are the one-time generation method and the iterative generation method. Under different query times and append scale constraints, the maximum evasion success rate can reach 90.8%.

源语言英语
文章编号2346
期刊Electronics (Switzerland)
12
11
DOI
出版状态已出版 - 6月 2023

指纹

探究 'Black-Box Evasion Attack Method Based on Confidence Score of Benign Samples' 的科研主题。它们共同构成独一无二的指纹。

引用此