Unlock instant, AI-driven research and patent intelligence for your innovation.

A backdoor adversarial sample generation method for pe malware detection model

A technology for detecting models and malicious software, applied in neural learning methods, biological neural network models, computer components, etc. The effect of small calculation overhead and reduced interference

Active Publication Date: 2022-08-05
BEIJING INSTITUTE OF TECHNOLOGYGY
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] At present, the generation method of adversarial samples for PE malware has the characteristics of poor generalization ability and high computational overhead. The construction of adversarial samples is generally designed for a specific detection model, which limits the generalization ability of adversarial samples on other detection models.
The construction of black-box adversarial samples requires a large number of query operations on the detection model to clarify the deceptive effect of the adversarial samples on the model. In practice, a large number of queries are time-consuming and laborious, which reduces the practicability of the adversarial sample generation method.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A backdoor adversarial sample generation method for pe malware detection model
  • A backdoor adversarial sample generation method for pe malware detection model
  • A backdoor adversarial sample generation method for pe malware detection model

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0022] In order to better illustrate the purpose and advantages of the present invention, the embodiments of the method of the present invention will be described in further detail below with reference to examples.

[0023] The experimental data comes from the malware static signature dataset ember2017 and the public PE malware from virusshare.com. The ember2017 dataset contains feature data extracted from 1.1M binary files, of which the training set contains 900K samples, including 300K benign samples, 300K malicious samples, and 300K unlabeled samples; the test set contains 200K samples, including 100K benign samples and 100K malicious samples. The public PE malware from virusshare.com was used to simulate actual attack effects.

[0024] Table 1. Experimental data of PE malware black-box adversarial sample generation

[0025]

[0026] This experiment is carried out on a computer, the specific configuration of the computer is: Inter i7-7500U, CPU 3.1GHz, memory 8G, and t...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a backdoor confrontation sample generation method based on a R-DBSCAN PE malware detection model, and belongs to the field of computer malware detection. The main purpose is to solve the problem that the malware detection model is difficult to attack in the black box situation. The invention first obtains PE samples from the public data set and trains the agent training model, adopts the SHAP value to reduce the dimension data set; adopts the R-DBSCAN method to cluster the samples, and takes the central node of each cluster as the sampling point to construct a new data set ;Train the neural network model; input malicious and benign sample files respectively, record the neurons that have a greater impact on the classification results according to the changes in the weights of neurons within the neural network; embed strings of any length into empty PE files, according to the weights of neurons The change situation takes the string that has a greater impact on it and records the neuron; the trigger is embedded in the original malicious PE file, and the label is modified to achieve adversarial training of the neural network.

Description

technical field [0001] The invention relates to a backdoor confrontation sample generation method for a PE malware detection model, which belongs to the field of computer malware detection. Background technique [0002] The detection technology for malware has been developing rapidly, but the number of new malware is still very considerable every year. With the development of deep learning, PE malware detection methods based on deep learning have become diverse. Statically analyze PE files, extract hexadecimal data features of files, and use deep learning methods to learn features. These methods have been able to detect malware with high accuracy. However, this type of malware detection model ignores the security of the detection system itself and the reliability of the data during the development process. If the malware detection model encounters a backdoor inserted by an attacker during the training process, the detection model will guarantee the normal input under normal...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/56G06K9/62G06N3/04G06N3/08
CPCG06F21/56G06N3/08G06N3/048G06N3/045G06F18/23
Inventor 罗森林韩飞潘丽敏张笈
Owner BEIJING INSTITUTE OF TECHNOLOGYGY