计算机科学与探索 ›› 2022, Vol. 16 ›› Issue (10): 2286-2297.DOI: 10.3778/j.issn.1673-9418.2103057

• 网络与信息安全 • 上一篇    下一篇

可保留可用性和功能性的对抗样本

肖茂1,2, 郭春1,2,+(), 申国伟1,2, 蒋朝惠1,2   

  1. 1.贵州大学 计算机科学与技术学院,贵阳 550025
    2.公共大数据国家重点实验室,贵阳 550025
  • 收稿日期:2021-03-17 修回日期:2021-05-14 出版日期:2022-10-01 发布日期:2021-05-18
  • 通讯作者: + E-mail: gc_gzedu@163.com
  • 作者简介:肖茂(1996—),男,硕士研究生,CCF会员,主要研究方向为网络安全、恶意软件检测。
    郭春(1986—),男,博士,副教授,硕士生导师,CCF会员,主要研究方向为数据挖掘、入侵检测、恶意代码检测等。
    申国伟(1986—),男,博士,副教授,硕士生导师,CCF会员,主要研究方向为网络与信息安全、大数据。
    蒋朝惠(1965—),男,教授,硕士生导师,主要研究方向为网络与信息安全、入侵检测等。
  • 基金资助:
    国家自然科学基金(62062022);贵州省科学技术基金([2020]1Y268)

Adversarial Example Remaining Availability and Functionality

XIAO Mao1,2, GUO Chun1,2,+(), SHEN Guowei1,2, JIANG Chaohui1,2   

  1. 1. School of Computer Science and Technology, Guizhou University, Guiyang 550025, China
    2. State Key Laboratory of Public Big Data, Guiyang 550025, China
  • Received:2021-03-17 Revised:2021-05-14 Online:2022-10-01 Published:2021-05-18
  • About author:XIAO Mao, born in 1996, M.S. candidate, member of CCF. His research interests include network security and malware detection.
    GUO Chun, born in 1986, Ph.D., associate professor, M.S. supervisor, member of CCF. His research interests include data mining, intrusion detection, malware detection, etc.
    SHEN Guowei, born in 1986, Ph.D., associate professor, M.S. supervisor, member of CCF. His research interests include network and information security and big data.
    JIANG Chaohui, born in 1965, professor, M.S. supervisor. His research interests include network and information security, intrusion detection, etc.
  • Supported by:
    National Natural Science Foundation of China(62062022);Science and Technology Foundation of Guizhou Province([2020]1Y268)

摘要:

基于灰度图的恶意软件检测方法由于不需要反汇编且具有检测准确率高的特点而备受关注。现今已有一些针对该类检测方法的对抗攻击,然而当前大部分对抗攻击方法无法确保所生成的对抗样本仍保留原PE文件的可用性或功能性,或是选择在通过文件头信息便能进行准确检测的PE文件底部添加字节码。通过分析PE文件的区段对齐机制以及文件对齐机制,提出一种可保留PE文件可用性和功能性的字节码攻击方法(BARAF)。该方法通过在由文件对齐机制产生的间隙空间和源于区段对齐机制而具有的扩展空间内批量修改或添加字节码来生成可保留可用性和功能性的对抗样本,来欺骗基于灰度图像的恶意软件检测方法。实验结果表明,BARAF生成的对抗样本最多能使基于灰度图的恶意软件检测方法的准确率下降31.58个百分点,并且难以通过文件头信息对其进行准确检测。

关键词: 对抗样本, 恶意软件检测, 灰度图, PE文件

Abstract:

Malware detection method based on gray images has received a lot of attention because it does not require disassembly and can obtain a high detection accuracy. There are some adversarial attacks against this type of detection method which has been put forward, but most of the current adversarial attack methods cannot ensure that the generated adversarial examples can remain the availability or functionality of the original PE file, or choose to add bytecode at the bottom of a PE file that is easy to be accurately detected through the file header information. Based on the analysis of the section alignment mechanism and file alignment mechanism of PE files, this paper proposes a bytecode attack method that can remain the availability and functionality (BARAF) of PE files. By modifying or adding bytecodes in the gap spaces generated by the file alignment mechanism and the expansion spaces derived from the section alignment mechanism, BARAF generates the adversarial example that can remain the availability and functionality to deceive the malware detection method based on gray images. Experimental results show that the adversarial examples generated by BARAF can reduce the accuracy of the malware detection method based on gray images by 31.58 percentage points at most, and it is difficult to detect the adversarial examples accurately through the file header information.

Key words: adversarial example, malware detection, gray image, PE file

中图分类号: