
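Detection of Adversarial PE File Malware via Model Interpretation
Cite this article:TIAN Zhi-Cheng, ZHANG Wei-Zhe, QIAO Yan-Chen, LIU Yang. Detection of Adversarial PE File Malware via Model Interpretation[J]. Journal of Software, 2023, 34(4): 1926-1943.
Authors:TIAN Zhi-Cheng  ZHANG Wei-Zhe  QIAO Yan-Chen  LIU Yang
Affiliation:College of Computer Science and Technology, Harbin Institute of Technology (Shenzhen), Shenzhen 518055, Guangdong, China; College of Computer Science and Technology, Harbin Institute of Technology (Shenzhen), Shenzhen 518055, Guangdong, China; Pengcheng Laboratory, Shenzhen 518055, Guangdong, China
Funding:Key-Area Research and Development Program of Guangdong Province (2019B010136001); Shenzhen Basic Research Special Fund (JCYJ20190806143418198)
Abstract:Deep learning has gradually been applied to malware detection and has achieved good results. However, recent research shows that deep learning models themselves have security weaknesses and are vulnerable to adversarial example attacks. Without changing the original functionality of the malware, an attacker can make a small number of modifications to it and mislead the malware detector into a wrong decision, causing malware to go undetected. To defend against adversarial example attacks, the method most commonly used in existing work is adversarial training. However, adversarial training requires generating a large number of adversarial examples and adding them to the training set to retrain the model, which is inefficient, and its defensive effect is limited by the adversarial example generation method used in training. To address this, a method for detecting adversarial examples of PE-format malware is proposed. It targets the class of adversarial attacks that add modifications in regions unrelated to program functionality, uses model interpretation techniques to extract the decision basis of an end-to-end malware detection model as features, and then accurately identifies adversarial examples with anomaly detection. As an add-on module to the malware detection model, the method requires no modification of the original model; compared with other defenses such as adversarial training it is more efficient and generalizes better, and it can defend against multiple adversarial example attacks. Experiments on a real-world malware dataset show that the method can effectively defend against adversarial example attacks on end-to-end PE file malware detection models.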

Keywords:adversarial examples  malware detection  model interpretation  anomaly detection  deep learning
Received:2020/7/4 0:00:00
Revised:2021/7/30 0:00:00

Detection of Adversarial PE File Malware via Model Interpretation
TIAN Zhi-Cheng,ZHANG Wei-Zhe,QIAO Yan-Chen,LIU Yang.Detection of Adversarial PE File Malware via Model Interpretation[J].Journal of Software,2023,34(4):1926-1943.
Authors:TIAN Zhi-Cheng  ZHANG Wei-Zhe  QIAO Yan-Chen  LIU Yang
Affiliation:College of Computer Science and Technology, Harbin Institute of Technology (Shenzhen), Shenzhen 518055, China;College of Computer Science and Technology, Harbin Institute of Technology (Shenzhen), Shenzhen 518055, China;Pengcheng Laboratory, Shenzhen 518055, China
Abstract:Deep learning has been used in the field of malware detection and has achieved great results. However, recent research shows that deep learning models are not safe and are vulnerable to adversarial attacks. Attackers can make malware detectors give wrong output by making a few modifications to the malware without changing its original function, resulting in malware going undetected. To defend against adversarial examples, the most commonly used method in previous work is adversarial training. Adversarial training requires generating a large number of adversarial examples to retrain the model, which is inefficient. Besides, the defense effect is limited by the adversarial example generation method used in training. As such, a new method is proposed to detect adversarial malware in PE format, aiming at the type of adversarial attacks that add modifications to the function-independent area of the PE file. By using model interpretation techniques, the decision-making basis of the end-to-end malware detection model can be analyzed and the features of adversarial examples are extracted. Anomaly detection techniques are further used to identify adversarial examples. As an add-on module of the malware detection model, the proposed method does not require modifying the original model and does not need to retrain the model. Compared with other defense methods such as adversarial training, this method is more efficient and has better generalization ability, which means it can defend against a variety of adversarial attack methods. The proposed method is evaluated on a real-world dataset of malware. Promising results show that the method can effectively defend against adversarial attacks on the end-to-end PE format malware detection model.
Keywords:adversarial examples  malware detection  model interpretation  anomaly detection  deep learning