Evading PDF malware classifiers with generative adversarial network

Yaxiao Wang; Yuanzhang Li; Quanxin Zhang; Jingjing Hu; Xiaohui Kuang

doi:10.1007/978-3-030-37337-5_30

Evading PDF malware classifiers with generative adversarial network

Yaxiao Wang^*, Yuanzhang Li, Quanxin Zhang, Jingjing Hu, Xiaohui Kuang

^*Corresponding author for this work

School of Computer Science and Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

3 Citations (Scopus)

Abstract

Generative adversarial networks (GANs) have become one of the most popular research topics in deep learning. It is widely used in the term of image, and through the constant competition between generator and discriminator, it can generate so remarkably realistic images that human can’t distinguish. However, Although GAN has achieved great success in generating images, it is still in its infancy in generating adversarial malware examples. In this paper, we propose an PDF malware evasion method that is using GAN to generate adversarial PDF malware examples and evaluate it against four local machine learning based PDF malware classifiers. The evaluation is conducted on the same dataset which contains 100 malicious PDF files. The experimental results reveal that the proposed evasion attacks are effective, with attacks against three classifiers all attaining 100% evasion rate and attack against the last classifier also attaining 95% evasion rate on the evaluation dataset.

Original language	English
Title of host publication	Cyberspace Safety and Security - 11th International Symposium, CSS 2019, Proceedings
Editors	Jaideep Vaidya, Xiao Zhang, Jin Li
Publisher	Springer
Pages	374-387
Number of pages	14
ISBN (Print)	9783030373368
DOIs	https://doi.org/10.1007/978-3-030-37337-5_30
Publication status	Published - 2019
Event	11th International Symposium on Cyberspace Safety and Security, CSS 2019 - Guangzhou, China Duration: 1 Dec 2019 → 3 Dec 2019

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	11982 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	11th International Symposium on Cyberspace Safety and Security, CSS 2019
Country/Territory	China
City	Guangzhou
Period	1/12/19 → 3/12/19

Keywords

Adversarial examples
Generative adversarial network
Machine learning
Malware evasion
PDF malware

Access to Document

10.1007/978-3-030-37337-5_30

Cite this

Wang, Y., Li, Y., Zhang, Q., Hu, J., & Kuang, X. (2019). Evading PDF malware classifiers with generative adversarial network. In J. Vaidya, X. Zhang, & J. Li (Eds.), Cyberspace Safety and Security - 11th International Symposium, CSS 2019, Proceedings (pp. 374-387). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11982 LNCS). Springer. https://doi.org/10.1007/978-3-030-37337-5_30

Wang, Yaxiao ; Li, Yuanzhang ; Zhang, Quanxin et al. / Evading PDF malware classifiers with generative adversarial network. Cyberspace Safety and Security - 11th International Symposium, CSS 2019, Proceedings. editor / Jaideep Vaidya ; Xiao Zhang ; Jin Li. Springer, 2019. pp. 374-387 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{eb43191642da4bf7a981a808d9655a19,

title = "Evading PDF malware classifiers with generative adversarial network",

abstract = "Generative adversarial networks (GANs) have become one of the most popular research topics in deep learning. It is widely used in the term of image, and through the constant competition between generator and discriminator, it can generate so remarkably realistic images that human can{\textquoteright}t distinguish. However, Although GAN has achieved great success in generating images, it is still in its infancy in generating adversarial malware examples. In this paper, we propose an PDF malware evasion method that is using GAN to generate adversarial PDF malware examples and evaluate it against four local machine learning based PDF malware classifiers. The evaluation is conducted on the same dataset which contains 100 malicious PDF files. The experimental results reveal that the proposed evasion attacks are effective, with attacks against three classifiers all attaining 100% evasion rate and attack against the last classifier also attaining 95% evasion rate on the evaluation dataset.",

keywords = "Adversarial examples, Generative adversarial network, Machine learning, Malware evasion, PDF malware",

author = "Yaxiao Wang and Yuanzhang Li and Quanxin Zhang and Jingjing Hu and Xiaohui Kuang",

note = "Publisher Copyright: {\textcopyright} 2019, Springer Nature Switzerland AG.; 11th International Symposium on Cyberspace Safety and Security, CSS 2019 ; Conference date: 01-12-2019 Through 03-12-2019",

year = "2019",

doi = "10.1007/978-3-030-37337-5_30",

language = "English",

isbn = "9783030373368",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "374--387",

editor = "Jaideep Vaidya and Xiao Zhang and Jin Li",

booktitle = "Cyberspace Safety and Security - 11th International Symposium, CSS 2019, Proceedings",

address = "Germany",

}

Wang, Y, Li, Y , Zhang, Q , Hu, J & Kuang, X 2019, Evading PDF malware classifiers with generative adversarial network. in J Vaidya, X Zhang & J Li (eds), Cyberspace Safety and Security - 11th International Symposium, CSS 2019, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11982 LNCS, Springer, pp. 374-387, 11th International Symposium on Cyberspace Safety and Security, CSS 2019, Guangzhou, China, 1/12/19. https://doi.org/10.1007/978-3-030-37337-5_30

Evading PDF malware classifiers with generative adversarial network. / Wang, Yaxiao; Li, Yuanzhang ; Zhang, Quanxin et al.
Cyberspace Safety and Security - 11th International Symposium, CSS 2019, Proceedings. ed. / Jaideep Vaidya; Xiao Zhang; Jin Li. Springer, 2019. p. 374-387 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11982 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Evading PDF malware classifiers with generative adversarial network

AU - Wang, Yaxiao

AU - Li, Yuanzhang

AU - Zhang, Quanxin

AU - Hu, Jingjing

AU - Kuang, Xiaohui

PY - 2019

Y1 - 2019

N2 - Generative adversarial networks (GANs) have become one of the most popular research topics in deep learning. It is widely used in the term of image, and through the constant competition between generator and discriminator, it can generate so remarkably realistic images that human can’t distinguish. However, Although GAN has achieved great success in generating images, it is still in its infancy in generating adversarial malware examples. In this paper, we propose an PDF malware evasion method that is using GAN to generate adversarial PDF malware examples and evaluate it against four local machine learning based PDF malware classifiers. The evaluation is conducted on the same dataset which contains 100 malicious PDF files. The experimental results reveal that the proposed evasion attacks are effective, with attacks against three classifiers all attaining 100% evasion rate and attack against the last classifier also attaining 95% evasion rate on the evaluation dataset.

AB - Generative adversarial networks (GANs) have become one of the most popular research topics in deep learning. It is widely used in the term of image, and through the constant competition between generator and discriminator, it can generate so remarkably realistic images that human can’t distinguish. However, Although GAN has achieved great success in generating images, it is still in its infancy in generating adversarial malware examples. In this paper, we propose an PDF malware evasion method that is using GAN to generate adversarial PDF malware examples and evaluate it against four local machine learning based PDF malware classifiers. The evaluation is conducted on the same dataset which contains 100 malicious PDF files. The experimental results reveal that the proposed evasion attacks are effective, with attacks against three classifiers all attaining 100% evasion rate and attack against the last classifier also attaining 95% evasion rate on the evaluation dataset.

KW - Adversarial examples

KW - Generative adversarial network

KW - Machine learning

KW - Malware evasion

KW - PDF malware

UR - http://www.scopus.com/inward/record.url?scp=85078537832&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-37337-5_30

DO - 10.1007/978-3-030-37337-5_30

M3 - Conference contribution

AN - SCOPUS:85078537832

SN - 9783030373368

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 374

EP - 387

BT - Cyberspace Safety and Security - 11th International Symposium, CSS 2019, Proceedings

A2 - Vaidya, Jaideep

A2 - Zhang, Xiao

A2 - Li, Jin

PB - Springer

T2 - 11th International Symposium on Cyberspace Safety and Security, CSS 2019

Y2 - 1 December 2019 through 3 December 2019

ER -

Wang Y, Li Y , Zhang Q , Hu J, Kuang X. Evading PDF malware classifiers with generative adversarial network. In Vaidya J, Zhang X, Li J, editors, Cyberspace Safety and Security - 11th International Symposium, CSS 2019, Proceedings. Springer. 2019. p. 374-387. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-37337-5_30

Evading PDF malware classifiers with generative adversarial network

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this