
A Malware Adversarial Sample Generation Method Combined with API Fuzzing Technology

A malware obfuscation technology, applied in the fields of electrical digital data processing, genetic rules and genetic models. It addresses the difficulty of ensuring that malware functionality is not damaged while deceiving a malware classifier with a high success rate, and the resulting inability to create working adversarial samples. Its effects are to reduce the damage to malware functionality, to improve the low deception success rate, and to meet practical needs.

Active Publication Date: 2022-08-05
BEIJING INSTITUTE OF TECHNOLOGY

AI Technical Summary

Problems solved by technology

[0003] The basic problems to be solved in malware adversarial sample generation methods are: generating irrelevant APIs to insert into the original API sequence, hiding imported API functions through an API obfuscation technique, and deceiving malware classifiers into misclassification with a high success rate.
But these methods usually break the functionality of the malware, making it impossible to create adversarial examples that work effectively in practice.
[0008] To sum up, among the existing malware adversarial sample generation methods, the black-box-oriented attack method is more feasible, but it is difficult to guarantee that the malware function will not be destroyed after the perturbation is added, and that the adversarial samples can be used for adversarial attacks in real-world applications.



Examples


Embodiment Construction

[0026] In order to better illustrate the purpose and advantages of the present invention, the embodiments of the method of the present invention will be described in further detail below with reference to examples.

[0027] The specific process is:

[0028] Step 1: Insert irrelevant API vectors into the original API call sequence, and generate malware feature vector X according to the modified API call sequence P, which initially realizes the obfuscation of malware features by adding redundant code.

[0029] Step 1.1, determine an ordered set V, which contains all the API functions that the PE program can call.

[0030] Step 1.2, let l be the length of the API call sequence used in the attack, X be the API malicious sequence of length l, and divide X into w_j of length n, where n is the number of API calls in w_j. In each w_j, randomly choose an API position i ∈ {1…n}, and insert an API vector at position i: where ⊥ represents the concatenation operation, After ...


Abstract

The invention relates to a malware adversarial sample generation method combined with API fuzzy processing technology, and belongs to the technical field of computer and information science. The invention first inserts irrelevant API vectors into the original API call sequence, which initially obfuscates the malware's feature functions; it then applies a function call redirection obfuscation operation to the samples to hide the functions of the APIs; finally, the modified samples are fed to a malware classifier to check whether misclassification is achieved, and the optimization problem is solved using a genetic algorithm. The invention has higher practicability and is more in line with actual needs. Compared with black-box-oriented adversarial sample generation methods, the invention not only does not destroy the original function of the malware, but also has a high success rate in deceiving the malware classifier. It greatly improves on the problem of being unable to avoid both a low adversarial sample deception success rate and broken malware functionality.

Description

Technical field

[0001] The invention relates to a malware adversarial sample generation method combined with API fuzzy processing technology, and belongs to the technical field of computer and information science.

Background technique

[0002] Due to a large number of malware attacks in cyberspace, machine learning technology has been widely used in malware detection and classification. In order to evaluate the attack resistance of malware detection models, it is particularly important to study attack methods for malware detection models. At the same time, the deep model itself has been proven to be vulnerable to adversarial samples. So far, although adversarial learning has been an active research field, most of the research on adversarial samples is applied in the field of image recognition. Adversarial attack methods for malware detection systems are in the minority, and most adversarial sample generation methods cannot guarantee the executability of ...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/56, G06N3/12
CPC: G06F21/562, G06N3/126
Inventor: 罗森林, 张荣倩, 潘丽敏, 闫晗, 张笈
Owner: BEIJING INSTITUTE OF TECHNOLOGY