Universitat de Lleida
    • English
    • català
    • español
  • English 
    • English
    • català
    • español
  • Login
Repositori Obert UdL
View Item 
  •   Home
  • Recerca
  • Informàtica i Enginyeria Industrial
  • Articles publicats (Informàtica i Enginyeria Industrial)
  • View Item
  •   Home
  • Recerca
  • Informàtica i Enginyeria Industrial
  • Articles publicats (Informàtica i Enginyeria Industrial)
  • View Item
JavaScript is disabled for your browser. Some features of this site may not work without it.

Enhancing the insertion of NOP instructions to obfuscate malware via deep reinforcement learning

Thumbnail
View/Open
Preprint (579.0Kb)
Issue date
2022
Author
Gibert Llauradó, Daniel
Fredrikson, Matt
Mateu Piñol, Carles
Planes Cid, Jordi
Suggested citation
Gibert Llauradó, Daniel; Fredrikson, Matt; Mateu Piñol, Carles; Planes Cid, Jordi; . (2022) . Enhancing the insertion of NOP instructions to obfuscate malware via deep reinforcement learning. Computers and Security, 2022, vol. 113, 102543. https://doi.org/10.1016/j.cose.2021.102543.
Impact


Web of Science logo    citations in Web of Science

Scopus logo    citations in Scopus

Google Scholar logo  Google Scholar
Share
Export to Mendeley
Metadata
Show full item record
Abstract
Current state-of-the-art research for tackling the problem of malware detection and classification is centered on the design, implementation and deployment of systems powered by machine learning because of its ability to generalize to never-before-seen malware families and polymorphic mutations. However, it has been shown that machine learning models, in partidular deep neural networks, lack robustness against crafted inputs (adversarial examples). In this work, we have investigated the vulnerability of a state-of-the-art shallow convolutional neural network malware classifier against the deat code insertion technique. We propose a general framework powered by a Double Q-network to induce misclassification over malware families. The framework trains an agent through a convolutional neural network to select the optimal positions in a code sequence to insert dead code instructions so that the machine learning classifier mislabels the resulting executable. The experiments show that the proposed method significantly drops the classification accuracy of the classifier to 56.53% while having an evasion rate of 100% for the samples belonging to Kelihos_ver3, Simda, and Kelihos_ver1 families. In addition, the average number of instructions needed to mislabel malware in comparison to a random agent decreased by 33%.
URI
http://hdl.handle.net/10459.1/72778
DOI
https://doi.org/10.1016/j.cose.2021.102543
Is part of
Computers and Security, 2022, vol. 113, 102543
European research projects
Collections
  • Articles publicats (Informàtica i Enginyeria Industrial) [990]
  • Publicacions de projectes de recerca del Plan Nacional [2958]

Contact Us | Send Feedback | Legal Notice
© 2023 BiD. Universitat de Lleida
Metadata subjected to 
 

 

Browse

All of the repositoryCommunities & CollectionsBy Issue DateAuthorsTitlesSubjectsThis CollectionBy Issue DateAuthorsTitlesSubjects

Statistics

View Usage Statistics

D'interès

Política institucional d'accés obertDiposita les teves publicacionsDiposita dades de recercaSuport a la recerca

Contact Us | Send Feedback | Legal Notice
© 2023 BiD. Universitat de Lleida
Metadata subjected to