Efficient Black-box Optimization of Adversarial EXE Windows Malware
Windows malware detectors based on machine learning are vulnerable to adversarial examples, even if the attacker only has black-box access to the model.
However, of these attacks is that they require executing the adversarial malware sample in a sandbox at each iteration of its optimization process, to ensure that its intrusive functionality is preserved.
In this talk, we present a novel black-box attack that leverages a set of semantics-preserving, constrained malware manipulations to overcome this computationally-demanding validation step.
Our attack is formalized as a constrained minimization problem which also enables optimizing the trade-off between the probability of evading detection and the size of the adversarial payload.
We investigate this trade-off empirically, on two static malware detectors, and show that our black-box attack is able to bypass them with only few iterations.
We conclude by discussing the limitations of our approach, and possible future extensions to target dynamic-based malware classifiers.
Luca Demetrio is a third-year Ph.D. student of the “Università degli Studi di Genova”, in Italy.
His main interests focus on the application of Adversarial Machine Learning techniques for Malware Detection.
Jointly working with Prof. Biggio, he is developing new white-box and black-box attacks against these kinds of detectors, leveraging the manipulation of malware samples with transformations that are semantics-invariant by design.
Partnerships and collaborations drive progress and technological advances. With travel restrictions ...
Michal is one of the chief architects behind CyberSec&AI Connected, which takes place online on ...
Bobby Filar is the Lead Data Scientist at Elastic where he employs machine learning and natural lang...