A Feasibility Study on Evasion Attacks Against NLP-Based Macro Malware Detection Algorithms

Machine learning-based models for malware detection have gained prominence in order to detect obfuscated malware. These models extract malicious features and endeavor to classify samples as either malware or benign entities. Conversely, these benign features can be employed to imitate benign samples...

Full description

Saved in:
Bibliographic Details
Published in:IEEE access 2023, Vol.11, p.138336-138346
Main Authors: Mimura, Mamoru, Yamamoto, Risa
Format: Article
Language:English
Subjects:
Algorithms
Classification algorithms
evasion attack
Feasibility studies
Feature extraction
LSA
Machine learning
Machine learning algorithms
Macro malware
Malware
Natural language processing
paragraph vector
Semantics
Source coding
Citations: Items that this one cites
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Machine learning-based models for malware detection have gained prominence in order to detect obfuscated malware. These models extract malicious features and endeavor to classify samples as either malware or benign entities. Conversely, these benign features can be employed to imitate benign samples. With respect to Android applications, numerous researchers have assessed the hazard and tackled the problem. This evasive technique can be extended to other malicious scripts, such as macro malware. In this paper, we investigate the potential for evasive attacks against natural language processing (NLP)-based macro malware detection algorithms. We assess three language models as methods for feature extraction: Bag of Words, Latent Semantic Analysis, and Paragraph Vector. Our experimental result demonstrates that the detection rate declines to 2 percent when benign features are inserted into actual macro malware. This approach is effective even against advanced language models.
ISSN:2169-3536
2169-3536
DOI:10.1109/ACCESS.2023.3339827