- Title
- A Novel Method for Improving the Robustness of Deep Learning-Based Malware Detectors Against Adversarial Attacks
- Creator
- Shaukat, Kamran; Luo, Suhuai; Varadharajan, Vijay
- Relation
- Engineering Applications of Artificial Intelligence Vol. 116, Issue November 2022, no. 105461
- Publisher Link
- http://dx.doi.org/10.1016/j.engappai.2022.105461
- Publisher
- Elsevier
- Resource Type
- journal article
- Date
- 2022
- Description
- Malware is constantly evolving with rising concern for cyberspace. Deep learning-based malware detectors are being used as a potential solution. However, these detectors are vulnerable to adversarial attacks. The adversarial attacks manipulate files in such a way that the resulting malware files evade being detected. Adversarial training is one of the techniques used to develop malware detectors using saddle-point (min–max) formulation. In adversarial training, malware samples are manipulated using multiple adversarial attacks to generate adversarially poisoned malware samples. These poisoned malware samples are incorporated in the training of models to make them robust against evasion attacks (i.e. attacks at the testing time). In this work, ten neural network-based malware detectors are developed, with nine trained with a particular adversarial attack and one without such training. To consider the characteristics of multiple adversarial attacks and utilise the performance of the ten detectors on various evasion attacks, a novel approach is developed to design a malware detector by training a neural network with a mixture of multiple adversarial attacks. This novel approach achieved the best performance among all the eleven malware detectors. Experimental results demonstrated that the new approach significantly enhanced the robustness of the malware detector and achieved the lowest evasion rates of 12% on average on VirusShare and 18% on average on VXHeaven datasets, respectively, against all possible evasion attacks. The experiments show that the detectors trained with other adversarial attacks such as DeepFool and multi-step bit gradient ascent achieve higher evasion rates of 17% and 36% on VirusShare, and 24% and 45% on VXHeaven datasets, respectively.
- Subject
- adversarial machine learning; adversarial attacks; malware detection; cybersecurity; classification; neural network
- Identifier
- http://hdl.handle.net/1959.13/1479960
- Identifier
- uon:50420
- Identifier
- ISSN:0952-1976
- Language
- eng
- Reviewed