Jisuanji kexue yu tansuo (Oct 2022)

Adversarial Example Remaining Availability and Functionality

  • XIAO Mao, GUO Chun, SHEN Guowei, JIANG Chaohui

DOI: https://doi.org/10.3778/j.issn.1673-9418.2103057
Journal volume & issue: Vol. 16, no. 10, pp. 2286–2297

Abstract

Malware detection methods based on gray images have received a lot of attention because they do not require disassembly and can achieve high detection accuracy. Some adversarial attacks against this type of detection method have been put forward, but most current adversarial attack methods either cannot ensure that the generated adversarial examples retain the availability or functionality of the original PE file, or choose to append bytecode at the end of the PE file, which is easy to detect accurately through the file header information. Based on an analysis of the section alignment mechanism and the file alignment mechanism of PE files, this paper proposes a bytecode attack method that retains the availability and functionality of PE files (BARAF). By modifying or adding bytecode in the gap spaces generated by the file alignment mechanism and in the expansion spaces derived from the section alignment mechanism, BARAF generates adversarial examples that retain availability and functionality while deceiving the gray-image-based malware detection method. Experimental results show that the adversarial examples generated by BARAF reduce the accuracy of the gray-image-based malware detection method by 31.58 percentage points at most, and that it is difficult to detect these adversarial examples accurately through the file header information.
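From the detection side, the gap and expansion spaces the abstract refers to are, on disk, the bytes of a section between its VirtualSize and its SizeOfRawData, which a normal linker leaves zero-filled. The following added example (not code from the paper) parses the PE section table and reports non-zero bytes in that tail, and flags sections whose raw size has grown beyond the next file-alignment boundary; the PE32 skeleton it inspects is constructed inline for the check and is not a real executable, and the helper names are assumptions.

```python
import struct

SECTION_HDR = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER, 40 bytes

def parse_pe(data):
    """Return (file_alignment, section_alignment, sections) from a raw PE image."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]        # NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]   # SizeOfOptionalHeader
    opt = e_lfanew + 24                                            # optional header start
    sect_align, file_align = struct.unpack_from("<II", data, opt + 32)
    sections = []
    for i in range(nsec):
        f = SECTION_HDR.unpack_from(data, opt + opt_size + i * SECTION_HDR.size)
        sections.append({"name": f[0].rstrip(b"\0").decode(), "vsize": f[1],
                         "rva": f[2], "rawsize": f[3], "rawptr": f[4]})
    return file_align, sect_align, sections

def slack_report(data):
    """Per section: size of the on-disk tail past VirtualSize, how many of its
    bytes are non-zero, and whether SizeOfRawData exceeds the file-aligned size
    (i.e. uses room that section alignment leaves before the next section)."""
    file_align, _, sections = parse_pe(data)
    report = []
    for s in sections:
        tail = data[s["rawptr"] + s["vsize"]:s["rawptr"] + s["rawsize"]]
        expected_raw = -(-s["vsize"] // file_align) * file_align  # round up
        report.append({"name": s["name"], "tail_bytes": len(tail),
                       "nonzero_tail": sum(1 for b in tail if b),
                       "raw_grown": s["rawsize"] > expected_raw,
                       "misaligned": s["rawsize"] % file_align != 0})
    return report

def build_sample():
    """Constructed two-section PE32 skeleton: FileAlignment 0x200, SectionAlignment
    0x1000, headers padded to 0x400. .text has a clean zero tail; .rdata has a raw
    size grown to 0x400 with 0x60 non-zero bytes after its 0x20 bytes of real data."""
    FA, SA = 0x200, 0x1000
    dos = bytearray(0x40); dos[:2] = b"MZ"; struct.pack_into("<I", dos, 0x3C, 0x40)
    opt = bytearray(0xE0); struct.pack_into("<H", opt, 0, 0x10B)   # PE32 magic
    struct.pack_into("<II", opt, 32, SA, FA)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, len(opt), 0x102)
    secs = [(b".text", 0x10, 0x1000, 0x200, 0x400), (b".rdata", 0x20, 0x2000, 0x400, 0x600)]
    table = b"".join(SECTION_HDR.pack(n, vs, rva, rs, rp, 0, 0, 0, 0, 0x60000020)
                     for n, vs, rva, rs, rp in secs)
    hdr = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table).ljust(0x400, b"\0")
    text = bytes(range(1, 0x11)).ljust(0x200, b"\0")
    rdata = bytes(range(1, 0x21)) + bytes([0x41] * 0x60) + bytes(0x400 - 0x80)
    return hdr + text + rdata
```

A section whose tail contains non-zero bytes, or whose raw size has grown past the file-aligned boundary without a matching VirtualSize, is the signal a header-only check misses and is worth a closer look.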