Auditing static machine learning anti-Malware tools against metamorphic attacks
MetadataShow full item record
Malicious software is one of the most serious cyber threats on the Internet today. Traditional malware detection has proven unable to keep pace with the sheer number of malware because of their growing complexity, new attacks and variants. Most malware implement various metamorphic techniques in order to disguise themselves, therefore preventing successful analysis and thwarting the detection by signature-based anti-malware engines. During the past decade, there has been an increase in the research and deployment of anti-malware engines powered by machine learning, and in particular deep learning, due to their ability to handle huge volumes of malware and generalize to never-before-seen samples. However, there is little research about the vulnerability of these models to adversarial examples. To fill this gap, this paper presents an exhaustive evaluation of the state-of-the-art approaches for malware classification against common metamorphic attacks. Given the limitations found in deep learning approaches, we present a simple architecture that increases 14.95% the classification performance with respect to MalConv’s architecture. Furthermore, the use of the metamorphic techniques to augment the training set is investigated and results show that it significantly improves the classification of malware belonging to families with few samples.
Is part ofComputers and Security, 2021, vol. 102, p. 102159 (23 pp.)
European research projects
Showing items related by title, author, creator and subject.
The rise of machine learning for detection and classification of malware: Research developments, trends and challenge Gibert Llauradó, Daniel; Mateu Piñol, Carles; Planes Cid, Jordi (Elsevier, 2020)The struggle between security analysts and malware developers is a never-ending battle with the complexity of malware changing as quickly as innovation grows. Current state-of-the-art research focus on the development and ...
Gibert Llauradó, Daniel; Mateu Piñol, Carles; Planes Cid, Jordi; Vicens, Ramon (Springer, 2019)The number of malicious files detected every year are counted by millions. One of the main reasons for these high volumes of different files is the fact that, in order to evade detection, malware authors add mutation. This ...
Gibert Llauradó, Daniel (Universitat de Lleida, 2020-12-15)