Adversarial Deep Ensemble: Evasion Attacks and Defenses for Malware Detection

Malware remains a big threat to cyber security, calling for machine learning based malware detection. While promising, such detectors are known to be vulnerable to evasion attacks. Ensemble learning typically facilitates countermeasures, while attackers can leverage this technique to improve attack...

Full description

Saved in:
Bibliographic Details
Published in:IEEE transactions on information forensics and security 2020, Vol.15, p.3886-3900
Main Authors: Li, Deqiang, Li, Qianmu
Format: Article
Language:English
Subjects:
Adversarial Machine Learning
Adversarial Malware Detection
Artificial neural networks
Computer crime
Countermeasures
Cybersecurity
Deep Neural Networks
Detectors
Ensemble
Feature extraction
Machine learning
Malware
Military technology
Neural networks
Robustness
Sensors
Training
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Malware remains a big threat to cyber security, calling for machine learning based malware detection. While promising, such detectors are known to be vulnerable to evasion attacks. Ensemble learning typically facilitates countermeasures, while attackers can leverage this technique to improve attack effectiveness as well. This motivates us to investigate which kind of robustness the ensemble defense or effectiveness the ensemble attack can achieve, particularly when they combat with each other. We thus propose a new attack approach, named mixture of attacks, by rendering attackers capable of multiple generative methods and multiple manipulation sets, to perturb a malware example without ruining its malicious functionality. This naturally leads to a new instantiation of adversarial training, which is further geared to enhancing the ensemble of deep neural networks. We evaluate defenses using Android malware detectors against 26 different attacks upon two practical datasets. Experimental results show that the new adversarial training significantly enhances the robustness of deep neural networks against a wide range of attacks, ensemble methods promote the robustness when base classifiers are robust enough, and yet ensemble attacks can evade the enhanced malware detectors effectively, even notably downgrading the VirusTotal service.
ISSN:1556-6013
1556-6021
DOI:10.1109/TIFS.2020.3003571