IEEE Access (Jan 2023)
A Feasibility Study on Evasion Attacks Against NLP-Based Macro Malware Detection Algorithms
Abstract
Machine learning-based models have gained prominence for detecting obfuscated malware. These models extract malicious features from samples and classify each sample as either malware or benign. Conversely, the features characteristic of benign samples can be exploited to make malware imitate benign software. For Android applications, numerous researchers have assessed this hazard and tackled the problem. The same evasive technique can be extended to other malicious scripts, such as macro malware. In this paper, we investigate the feasibility of evasion attacks against natural language processing (NLP)-based macro malware detection algorithms. We assess three language models as feature extraction methods: Bag of Words, Latent Semantic Analysis, and Paragraph Vector. Our experimental results demonstrate that the detection rate declines to 2 percent when benign features are inserted into actual macro malware. This attack is effective even against the more advanced language models.
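The core idea of the attack described above can be illustrated with a minimal sketch. Here a toy Bag-of-Words detector scores a macro by the fraction of its tokens that appear in a known-malicious vocabulary; padding the macro with benign-looking tokens (e.g., as dead code) dilutes that fraction. The token lists and scoring rule are hypothetical, not the paper's actual model.

```python
# Hypothetical vocabularies, for illustration only.
MALICIOUS_TOKENS = {"autoopen", "shell", "createobject", "chr", "xor"}
BENIGN_TOKENS = ["range", "cells", "worksheet", "format", "msgbox"]

def malicious_score(tokens):
    """Toy Bag-of-Words score: fraction of tokens in the malicious vocabulary."""
    if not tokens:
        return 0.0
    hits = sum(1 for t in tokens if t in MALICIOUS_TOKENS)
    return hits / len(tokens)

# A macro consisting entirely of suspicious tokens scores high.
macro = ["autoopen", "createobject", "shell", "chr", "xor"]
print(malicious_score(macro))              # 1.0

# Evasion: append benign tokens so they dominate the representation.
evasive = macro + BENIGN_TOKENS * 4
print(round(malicious_score(evasive), 2))  # 0.2
```

Although a real detector uses a trained classifier rather than a fixed vocabulary, the same dilution effect applies whenever the feature vector is built from token statistics.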
Keywords