TY - GEN
T1 - Evading PDF malware classifiers with generative adversarial network
AU - Wang, Yaxiao
AU - Li, Yuanzhang
AU - Zhang, Quanxin
AU - Hu, Jingjing
AU - Kuang, Xiaohui
N1 - Publisher Copyright:
© 2019, Springer Nature Switzerland AG.
PY - 2019
Y1 - 2019
N2 - Generative adversarial networks (GANs) have become one of the most popular research topics in deep learning. It is widely used in the term of image, and through the constant competition between generator and discriminator, it can generate so remarkably realistic images that human can’t distinguish. However, Although GAN has achieved great success in generating images, it is still in its infancy in generating adversarial malware examples. In this paper, we propose an PDF malware evasion method that is using GAN to generate adversarial PDF malware examples and evaluate it against four local machine learning based PDF malware classifiers. The evaluation is conducted on the same dataset which contains 100 malicious PDF files. The experimental results reveal that the proposed evasion attacks are effective, with attacks against three classifiers all attaining 100% evasion rate and attack against the last classifier also attaining 95% evasion rate on the evaluation dataset.
AB - Generative adversarial networks (GANs) have become one of the most popular research topics in deep learning. It is widely used in the term of image, and through the constant competition between generator and discriminator, it can generate so remarkably realistic images that human can’t distinguish. However, Although GAN has achieved great success in generating images, it is still in its infancy in generating adversarial malware examples. In this paper, we propose an PDF malware evasion method that is using GAN to generate adversarial PDF malware examples and evaluate it against four local machine learning based PDF malware classifiers. The evaluation is conducted on the same dataset which contains 100 malicious PDF files. The experimental results reveal that the proposed evasion attacks are effective, with attacks against three classifiers all attaining 100% evasion rate and attack against the last classifier also attaining 95% evasion rate on the evaluation dataset.
KW - Adversarial examples
KW - Generative adversarial network
KW - Machine learning
KW - Malware evasion
KW - PDF malware
UR - http://www.scopus.com/inward/record.url?scp=85078537832&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-37337-5_30
DO - 10.1007/978-3-030-37337-5_30
M3 - Conference contribution
AN - SCOPUS:85078537832
SN - 9783030373368
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 374
EP - 387
BT - Cyberspace Safety and Security - 11th International Symposium, CSS 2019, Proceedings
A2 - Vaidya, Jaideep
A2 - Zhang, Xiao
A2 - Li, Jin
PB - Springer
T2 - 11th International Symposium on Cyberspace Safety and Security, CSS 2019
Y2 - 1 December 2019 through 3 December 2019
ER -