Journal of Frontiers of Computer Science and Technology ›› 2024, Vol. 18 ›› Issue (2): 526-537.DOI: 10.3778/j.issn.1673-9418.2302070

• Network·Security • Previous Articles     Next Articles

Adversarial Examples with Unlimited Amount of Additions

JIANG Zhoujie, CHEN Yi, XIONG Ziman, GUO Chun, SHEN Guowei   

  1. 1. State Key Laboratory of Public Big Data, School of Computer Science and Technology, Guizhou University, Guiyang 550025, China
    2. Engineering Research Center of Text Computing & Cognitive Intelligence of Ministry of Education, Guiyang 550025, China
    3. School of Continuing Education, Guizhou University, Guiyang 550025, China
  • Online:2024-02-01 Published:2024-02-01

可添加量不受限的对抗样本

蒋周杰,陈意,熊子漫,郭春,申国伟   

  1. 1. 贵州大学 计算机科学与技术学院 公共大数据重点实验室,贵阳 550025
    2. 文本计算与认知智能教育部工程研究中心,贵阳 550025
    3. 贵州大学 继续教育学院,贵阳 550025

Abstract: Malware detection methods based on gray images and deep learning have the characteristics of high detection accuracy and no need of feature engineering. Unfortunately, adversarial examples (AEs) can deceive such detection methods. However, it is difficult to reduce the detection accuracy of this kind of detection method greatly without destroying the functional integrity of the original file. By analyzing the structure and loading mechanism of portable executable (PE) files, this paper proposes an unrestricted add-amount bytecode attack (BAUAA). BAUAA generates adversarial samples by adding bytecode to a “section additional space” in the PE file that is scattered after each section and is not loaded into memory, and because of the unlimited amount of this space that can be added, the generated adversarial samples can be transformed into grayscale images that vary in size and texture, which can affect the discrimination accuracy of gray images and deep learning-based malware detection methods. The experimental results show that the detection accuracy of the malware detection method based on gray images and deep learning for the AEs generated by BAUAA is significantly lower than that for the non-AEs. To avoid the abuse of BAUAA in reality, it proposes a targeted AE detection method.

Key words: adversarial example, malware detection, gray image, portable executable (PE) file

摘要: 基于灰度图像和深度学习的恶意软件检测方法具有无需特征工程和检测精度高的特点,通过对抗样本能够欺骗该类检测方法。然而当前大部分研究所生成的对抗样本难以在不破坏原文件功能完整性的情况下大幅度降低该类检测方法对其的判别准确性。在分析可移植可执行(PE)文件的结构以及加载机制的基础上,提出一种不破坏PE文件原有功能且可添加量不受限的字节码攻击方法(BAUAA)。BAUAA通过在PE文件中分散于各区段之后且不会载入内存的“区段附加空间”添加字节码来生成对抗样本,并且由于该空间具有可添加量不受限的特点,可使得生成的对抗样本所转化的灰度图像在尺寸和纹理上发生变化,从而能够影响基于灰度图像和深度学习的恶意软件检测方法对其的判别准确性。实验结果表明,基于灰度图像和深度学习的恶意软件检测方法判别BAUAA所生成对抗样本的准确率明显低于其判别非对抗样本的准确率。为避免在现实中滥用BAUAA,提出一种针对性的对抗样本检测方法。

关键词: 对抗样本, 恶意软件检测, 灰度图像, 可移植可执行(PE)文件