DOI: 10.1145/3097983.3098158

Adversary Resistant Deep Neural Networks with an Application to Malware Detection

Published: 13 August 2017

Abstract

Outside the highly publicized victories in the game of Go, there have been numerous successful applications of deep learning in the fields of information retrieval, computer vision, and speech recognition. In cybersecurity, an increasing number of companies have begun exploring the use of deep learning (DL) in a variety of security tasks with malware detection among the more popular. These companies claim that deep neural networks (DNNs) could help turn the tide in the war against malware infection. However, DNNs are vulnerable to adversarial samples, a shortcoming that plagues most, if not all, statistical and machine learning models. Recent research has demonstrated that those with malicious intent can easily circumvent deep learning-powered malware detection by exploiting this weakness.
To address this problem, previous work developed defense mechanisms based on augmenting training data or enhancing model complexity. However, after analyzing DNN susceptibility to adversarial samples, we discover that current defense mechanisms are limited and, more importantly, cannot provide theoretical guarantees of robustness against adversarial sample-based attacks. As such, we propose a new adversary resistant technique that obstructs attackers from constructing impactful adversarial samples by randomly nullifying features within data vectors. Our proposed technique is evaluated on a real-world dataset with 14,679 malware variants and 17,399 benign programs. We theoretically validate the robustness of our technique, and empirically show that it significantly boosts DNN robustness to adversarial samples while maintaining high classification accuracy. To demonstrate the general applicability of our proposed method, we also conduct experiments on the MNIST and CIFAR-10 datasets, which are widely used in image recognition research.
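The core idea above lends itself to a compact illustration. Below is a minimal NumPy sketch of random feature nullification as the abstract describes it: each input feature is independently zeroed out with some probability before the sample reaches the classifier, at training and at test time alike, so an attacker cannot predict which features the model will actually see. The nullification rate p = 0.3 and the i.i.d. uniform masking scheme are illustrative assumptions, not the authors' exact formulation.

```python
# Minimal sketch (editor's illustration, not the paper's code) of random
# feature nullification: each input feature is zeroed independently with
# probability p before classification. The rate p and the i.i.d. uniform
# mask are assumptions for illustration.
import numpy as np

def nullify_features(x, p=0.3, rng=None):
    """Zero out each feature of x independently with probability p."""
    rng = np.random.default_rng() if rng is None else rng
    mask = (rng.random(x.shape) >= p).astype(x.dtype)  # 1 = keep, 0 = nullify
    return x * mask

# Example: mask a batch of 4 binary feature vectors, then feed the masked
# batch to any classifier. A fresh random mask is drawn on every call, at
# training and at inference time alike.
batch = (np.random.rand(4, 1024) > 0.5).astype(np.float32)
masked = nullify_features(batch, p=0.3)
```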


Published In

cover image ACM Conferences
KDD '17: Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining
August 2017
2240 pages
ISBN: 9781450348874
DOI: 10.1145/3097983
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from permissions@acm.org.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 August 2017

Author Tags

  1. adversarial sample
  2. deep neural networks
  3. image recognition
  4. malware classification

Qualifiers

  • Research-article

Conference

KDD '17

Acceptance Rates

KDD '17 paper acceptance rate: 64 of 748 submissions (9%)
Overall acceptance rate: 1,133 of 8,635 submissions (13%)

Article Metrics

  • Downloads (last 12 months): 64
  • Downloads (last 6 weeks): 8
Reflects downloads up to 09 Feb 2025

Cited By
  • (2025) Forest pest monitoring and early warning using UAV remote sensing and computer vision techniques. Scientific Reports 15:1. DOI: 10.1038/s41598-024-84464-3. Online publication date: 2-Jan-2025.
  • (2025) Adversarial machine learning threat analysis and remediation in Open Radio Access Network (O-RAN). Journal of Network and Computer Applications 236 (104090). DOI: 10.1016/j.jnca.2024.104090. Online publication date: Apr-2025.
  • (2024) Malware traffic detection based on type II fuzzy recognition. Frontiers in Physics 12. DOI: 10.3389/fphy.2024.1350117. Online publication date: 22-Apr-2024.
  • (2024) MaskDroid: Robust Android Malware Detection with Masked Graph Representations. Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering, 331-343. DOI: 10.1145/3691620.3695008. Online publication date: 27-Oct-2024.
  • (2024) A Multi-Task Adversarial Attack against Face Authentication. ACM Transactions on Multimedia Computing, Communications, and Applications 20:11, 1-24. DOI: 10.1145/3665496. Online publication date: 21-May-2024.
  • (2024) Modelling Data Poisoning Attacks Against Convolutional Neural Networks. Journal of Information & Knowledge Management 23:02. DOI: 10.1142/S0219649224500229. Online publication date: 1-Feb-2024.
  • (2024) MalPatch: Evading DNN-Based Malware Detection With Adversarial Patches. IEEE Transactions on Information Forensics and Security 19, 1183-1198. DOI: 10.1109/TIFS.2023.3333567. Online publication date: 2024.
  • (2024) Internet-Based Social Engineering Psychology, Attacks, and Defenses: A Survey. Proceedings of the IEEE 112:3, 210-246. DOI: 10.1109/JPROC.2024.3379855. Online publication date: Mar-2024.
  • (2024) Detection And Prevention of Malicious Activities In Vulnerable Network Security Using Deep Learning. 2024 International Conference on Innovations and Challenges in Emerging Technologies (ICICET), 1-6. DOI: 10.1109/ICICET59348.2024.10616289. Online publication date: 7-Jun-2024.
  • (2024) Multi-Level Generative Pretrained Transformer for Improving Malware Detection Performance. 2024 7th International Conference on Artificial Intelligence and Big Data (ICAIBD), 99-104. DOI: 10.1109/ICAIBD62003.2024.10604442. Online publication date: 24-May-2024.
