Enhancing the insertion of NOP instructions to obfuscate malware via deep reinforcement learning
| dc.contributor.author | Gibert Llauradó, Daniel | |
| dc.contributor.author | Fredrikson, Matt | |
| dc.contributor.author | Mateu Piñol, Carles | |
| dc.contributor.author | Planes Cid, Jordi | |
| dc.date.accessioned | 2022-01-18T11:49:27Z | |
| dc.date.available | 2022-01-18T11:49:27Z | |
| dc.date.issued | 2022 | |
| dc.description.abstract | Current state-of-the-art research for tackling the problem of malware detection and classification is centered on the design, implementation and deployment of systems powered by machine learning because of its ability to generalize to never-before-seen malware families and polymorphic mutations. However, it has been shown that machine learning models, in partidular deep neural networks, lack robustness against crafted inputs (adversarial examples). In this work, we have investigated the vulnerability of a state-of-the-art shallow convolutional neural network malware classifier against the deat code insertion technique. We propose a general framework powered by a Double Q-network to induce misclassification over malware families. The framework trains an agent through a convolutional neural network to select the optimal positions in a code sequence to insert dead code instructions so that the machine learning classifier mislabels the resulting executable. The experiments show that the proposed method significantly drops the classification accuracy of the classifier to 56.53% while having an evasion rate of 100% for the samples belonging to Kelihos_ver3, Simda, and Kelihos_ver1 families. In addition, the average number of instructions needed to mislabel malware in comparison to a random agent decreased by 33%. | ca_ES |
| dc.description.sponsorship | This project has received funding from the European Union’s Horizon 2020 research and innovation programme under the Marie Skłodowska-Curie grant agreement No. 847402. This research has been partially funded by the Spanish MICINN Projects TIN2015-71799-C2-2-P, ENE2015-64117-C5-1-R, PID2019-111544GB-C22, and supported by the University of Lleida. | ca_ES |
| dc.identifier.doi | https://doi.org/10.1016/j.cose.2021.102543 | |
| dc.identifier.idgrec | 031799 | |
| dc.identifier.issn | 0167-4048 | |
| dc.identifier.uri | http://hdl.handle.net/10459.1/72778 | |
| dc.language.iso | eng | ca_ES |
| dc.publisher | Elsevier | ca_ES |
| dc.relation | info:eu-repo/grantAgreement/MINECO//TIN2015-71799-C2-2-P/ES/RAZONAMIENTO, SATISFACCION Y OPTIMIZACION: ARGUMENTACION Y PROBLEMAS/ | ca_ES |
| dc.relation | info:eu-repo/grantAgreement/MINECO//ENE2015-64117-C5-1-R/ES/IDENTIFICACION DE BARRERAS Y OPORTUNIDADES SOSTENIBLES EN LOS MATERIALES Y APLICACIONES DEL ALMACENAMIENTO DE ENERGIA TERMICA/ | ca_ES |
| dc.relation | info:eu-repo/grantAgreement/AEI/Plan Estatal de Investigación CientÃfica y Técnica y de Innovación 2017-2020/PID2019-111544GB-C22/ES/SISTEMAS DE INFERENCIA PARA INFORMACION INCONSISTENTE: ANALISIS ARGUMENTATIVO/ | ca_ES |
| dc.relation.isformatof | Versió preprint del document publicat a https://doi.org/10.1016/j.cose.2021.102543 | ca_ES |
| dc.relation.ispartof | Computers and Security, 2022, vol. 113, 102543 | ca_ES |
| dc.relation.projectID | info:eu-repo/grantAgreement/EC/H2020/847402/EU/Career-FIT PLUS | |
| dc.rights | (c) Elsevier, 2021 | ca_ES |
| dc.rights.accessRights | info:eu-repo/semantics/openAccess | ca_ES |
| dc.subject | Malware Classification | ca_ES |
| dc.subject | Assembly Language Source Code | ca_ES |
| dc.subject | Obfuscation | ca_ES |
| dc.subject | Reinforcement Learning | ca_ES |
| dc.subject | Deep Q-Network | ca_ES |
| dc.title | Enhancing the insertion of NOP instructions to obfuscate malware via deep reinforcement learning | ca_ES |
| dc.type | info:eu-repo/semantics/article | ca_ES |
| dc.type.version | info:eu-repo/semantics/submittedVersion | ca_ES |