Jisuanji kexue yu tansuo (Feb 2024)
Adversarial Examples with Unlimited Amount of Additions
Abstract
Malware detection methods based on gray images and deep learning have the characteristics of high detection accuracy and no need of feature engineering. Unfortunately, adversarial examples (AEs) can deceive such detection methods. However, it is difficult to reduce the detection accuracy of this kind of detection method greatly without destroying the functional integrity of the original file. By analyzing the structure and loading mechanism of portable executable (PE) files, this paper proposes an unrestricted add-amount bytecode attack (BAUAA). BAUAA generates adversarial samples by adding bytecode to a “section additional space” in the PE file that is scattered after each section and is not loaded into memory, and because of the unlimited amount of this space that can be added, the generated adversarial samples can be transformed into grayscale images that vary in size and texture, which can affect the discrimination accuracy of gray images and deep learning-based malware detection methods. The experimental results show that the detection accuracy of the malware detection method based on gray images and deep learning for the AEs generated by BAUAA is significantly lower than that for the non-AEs. To avoid the abuse of BAUAA in reality, it proposes a targeted AE detection method.
Keywords
