本文按照时间顺序整理了恶意软件攻防对抗(或更进一步是机器学习、深度学习的安全)近些年来的文献发表情况,希望能和对该领域感兴趣的研究人员做一个分享。
有些文献我只是大概地浏览了一下,如下文有错误,请为我指出来,感激不尽!
感兴趣的朋友可以在评论里交流(勿喷),或者可以认识一下(留下联系方式)。?
本文将按照:发表时间、论文名、收录会议(C)或期刊(J)等 的顺序列出文献并对其作简要介绍
其中:
A / T,attack \ defence,攻击 \ 防御
T,type,恶意软件类型
D,dataset,数据集
M,method,所用的方法
R,result,实验结果
C,contribution,我认为作者的主要贡献(可能会片面)
红色、蓝色、黑色的文章标题是我认为文章的阅读价值降序
1. 2013年及以前 (共0篇)
2. 2014年 (共1篇)
2.1 Explaining and harnessing adversarial examples (arXiv, 后发表于 ICLR 2015) [15]
A / T:白盒 / 对抗训练
M:对对抗样本的存在性进行分析,给出著名的FGSM这种有效生成对抗样本的方法,以及对抗训练这种有效的防御方法
T:图片
D:MNIST
R:-
C:近些年对抗工作的开山文章
3. 2015年 (共2篇)
3.1 Malware images: visualization and automatic classification (Symposium on visualization for cyber security) [14]
D:新方法
M:将恶意软件二进制字节转变成图片,再通过图分类技术实现恶意软件的分类
T:Windows PE
D:9458 malware, 25 families
R:98.08%
C:恶意软件可视化的思路将其转变为图分类问题,且结果不错
3.2 Malware classification with recurrent networks (ICASSP, CCF-B) [16]
D:新结构
M:提出一种双向RNN为核心的恶意软件检测结构
T:Windows PE
D:250000 malware, 250000 benign samples
R:TPR 98.3%, FPR0.1%
C:较早的基于深度学习的恶意软件检测工作
4. 2016年 (共2篇)
4.1 Automatically evading classifiers (NDSS, CCF-B) [1]
A:黑盒(分数)
M:遗传算法
T:PDF
D:500 seed samples from Contagio archive
R:100%
C:遗传算法的角度新颖,黑盒攻击难度大,且结果较好
4.2 Adversarial perturbations against deep neural networks for malware classification (arXiv) [2]
C:应该是[3]的预发表版本
5. 2017年 (共4篇)
5.1 Adversarial examples for malware detection (ESORICS, CCF-B) [3]
A:白盒
M:作者把自己之前在EUROS&P提出的想法在Android这里应用并分析了一下,主要还是基于FGSM的思想
T:Android
D:DREBIN:123453 benign & 5560 malicious 54533 feature space
R:63%
C:实验和分析比较完整
5.2 Evading machine learning malware detection (Black Hat) [6]
A:黑盒
M:强化学习
T:Windows PE
D:200 samples
R:16%
C:结果一般,但引入了强化学习的思路
5.3 Generating adversarial malware examples for black-box attacks based on GAN (arXiv) [7]
A:黑盒
M:引入GAN,使用多种机器学习模型去拟合黑盒检测器以生成替代检测器,再对替代检测器进行GAN的白盒攻击
T:Windows PE
D: https://malwr.com/:180000 samples,30%malware
R:多组实验达到100%
C:北大同学的文章,较早引入GAN的工作,实验完整
5.4 Adversary resistant deep neural networks with an application to malware detection (KDD, CCF-A) [9]
D:增强结构
M:在输入层与第一层隐藏层之间加入随机特征无效化层,将输入数据随机置零,以削弱对抗样本
T:Windows PE
D:29078 benign, 14679 malicious
R:无效化比例10%=>90%时,抵抗力34.36%=>64.86%
C:类似dropout的思路,实验完整,结果不错,文章写得很好
6. 2018年 (共7篇)
6.1 Malware detection by eating a whole exe (AAAI workshop, CCF-A) [11]
D:新结构
M:提出一种基于卷积神经网络的恶意软件检测模型
T:Windows PE
D:Virus Share、OpenMalware、MS Windows、Misc:301575 malicious,291285 benign Industry partner:240000 malicious 237349 benign
R:94%(最好的一组实验)
C:一些比较权威机构研究人员的合作成果,具有代表性
6.2 Adversarial Malware Binaries: Evading Deep Learning for Malware Detection in Executables (arXiv) [4]
A:白盒
M:通过目标函数对输入的导数方向选择并在文件末尾增加字节来产生对抗样本
T:Windows PE
D:VirusShare、Citadel和APT:19195 malware Popular search engines:4000 benign software
R:60%
C:似乎是第一个攻击Malconv的比较成功的工作,尽管是白盒,但是结果还行
6.3 Deceiving end-to-end deep learning malware detectors using adversarial examples (CoRR) [5]
A:白盒
M:修改了FGSM的损失函数,使其能更好应用于恶意软件数据的离散性
T:Windows PE
D:ninite: 7150 benign samples Microsoft Kaggle 2015 dataset:10866 malware
R:100%(最好的一组实验的结果)
C:修改了FGSM的损失函数,使其能更好应用于恶意软件数据的离散性
6.4 Generic Black-Box End-to-End Attack Against State of the Art API Call Based Malware Classifiers (RAID, CCF-B) [8]
A:黑盒
M:通过插入API序列产生对抗样本
T:Windows PE
D:250000 benign samples 250000 malicious samples
R:多组实验达到100%
C:使用插入API序列的方式,使用了动态特征,实验做的非常完整
6.5 HeNet: A Deep Learning Approach on Intel $^\circledR $ Processor Trace for Effective Exploit Detection (arXiv) [12]
D:新结构
M:使用CPU的PT模块检测软件的运行并生成相应的trace,将其通过解码并切割成图片序列,再使用迁移学习解决恶意软件的图分类问题
T:PDF
D:348 benign,299 malicious
R:100%
C:使用硬件提取特征信息的思路不错
6.6 Zero-day malware detection using transferred generative adversarial networks based on deep autoencoders (Information Sciences, CCF-B) [10]
D:新结构
M:提出tDCGAN,先将恶意软件转成图片形式,用自编码器做GAN的生成器,训练好的判别器通过迁移学习用于零日恶意软件的检测
T:Windows PE
D:Microsoft Kaggle Challenge:10800 malware
R:95.74%
C:零日恶意软件检测新思路,将迁移学习和DCGAN结合,文章写的不错
6.7 Behavioral Malware Classification using Convolutional Recurrent Neural Networks (arXiv) [13]
D:新结构
M:提出针对行为进行恶意软件类别划分的新模型:一种基于卷积和LSTM的网络结构
T:Windows Prefetch File
D:VirusShare:100000 malware
R:0.854 (F1 Score)
C:在基于行为的恶意软件分类任务中的精度算比较高的
参考文献
[1] Xu W, Qi Y, Evans D. Automatically evading classifiers[C]//Proceedings of the 2016 Network and Distributed Systems Symposium. 2016.
[2] Grosse K, Papernot N, Manoharan P, et al. Adversarial perturbations against deep neural networks for malware classification[J]. arXiv preprint arXiv:1606.04435, 2016.
[3] Grosse K, Papernot N, Manoharan P, et al. Adversarial examples for malware detection[C]//European Symposium on Research in Computer Security. Springer, Cham, 2017: 62-79.
[4] Kolosnjaji B, Demontis A, Biggio B, et al. Adversarial Malware Binaries: Evading Deep Learning for Malware Detection in Executables[J]. arXiv preprint arXiv:1803.04173, 2018.
[5] Kreuk F, Barak A, Aviv-Reuven S, et al. Deceiving end-to-end deep learning malware detectors using adversarial examples[M]//CoRR. 2018.
[6] Anderson H S, Kharkar A, Filar B, et al. Evading machine learning malware detection[J]. Black Hat, 2017.
[7] Hu W, Tan Y. Generating adversarial malware examples for black-box attacks based on GAN[J]. arXiv preprint arXiv:1702.05983, 2017.
[8] Rosenberg I, Shabtai A, Rokach L, et al. Generic Black-Box End-to-End Attack Against State of the Art API Call Based Malware Classifiers[C]//International Symposium on Research in Attacks, Intrusions, and Defenses. Springer, Cham, 2018: 490-510.
[9] Wang Q, Guo W, Zhang K, et al. Adversary resistant deep neural networks with an application to malware detection[C]//Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM, 2017: 1145-1153.
[10] Kim J Y, Bu S J, Cho S B. Zero-day malware detection using transferred generative adversarial networks based on deep autoencoders[J]. Information Sciences, 2018, 460: 83-102.
[11] Raff E, Barker J, Sylvester J, et al. Malware detection by eating a whole exe[C]//Workshops at the Thirty-Second AAAI Conference on Artificial Intelligence. 2018.
[12] Chen L, Sultana S, Sahita R. HeNet: A Deep Learning Approach on Intel $^\circledR $ Processor Trace for Effective Exploit Detection[J]. arXiv preprint arXiv:1801.02318, 2018.
[13] Alsulami B, Mancoridis S. Behavioral Malware Classification using Convolutional Recurrent Neural Networks[J]. arXiv preprint arXiv:1811.07842, 2018.
[14] Nataraj L, Karthikeyan S, Jacob G, et al. Malware images: visualization and automatic classification[C]//Proceedings of the 8th international symposium on visualization for cyber security. ACM, 2011: 4.
[15] Goodfellow I J, Shlens J, Szegedy C. Explaining and harnessing adversarial examples (2014)[J]. arXiv preprint arXiv:1412.6572.
[16] Pascanu R, Stokes J W, Sanossian H, et al. Malware classification with recurrent networks[C]//Acoustics, Speech and Signal Processing (ICASSP), 2015 IEEE International Conference on. IEEE, 2015: 1916-1920.
