Adversarial EXEmples: Functionality-preserving Optimization of Adversarial Windows Malware

Speaker: Luca Demetrio

Affiliation: University of Cagliari

Date: Friday, February 25th, 2022
Time: 4:00 p.m.
Location: room 322, via Dodecaneso 35, Genova, Italy

Zoom Meeting
ID: 81787051443
Passcode: 411774

Title: Adversarial EXEmples: Functionality-preserving Optimization of Adversarial Windows Malware

Abstract: Windows malware classifiers that rely on static analysis have been proven vulnerable to adversarial EXEmples, i.e., malware carefully manipulated to evade detection. However, their optimization either requires computationally-expensive procedures validated in sandbox environments, or query-inefficient algorithms based on random manipulations of the input malware. To overcome these limitations, we propose RAMEn, a general framework for creating adversarial EXEmples through the use of functionality-preserving manipulations. RAMEn enables optimizing the parameters of such manipulations via gradient-based (white-box) and gradient-free (black-box) attacks, encompassing most of the state-of-the-art attack techniques proposed so far to craft adversarial Windows malware. It also includes a set of black-box attacks, referred to as GAMMA, which optimizes the injection of benign content to facilitate evasion. In our experiments, we show how white-box attacks flattens the detection rate of end-to-end malware detectors, and black-box attacks bypass a robust non-differentiable model trained on hand-crafted features. The latter also transfer to commercial products, surprisingly bypassing 12 of them. We conclude by discussing limitations of our approach, along with promising future research directions.

Bio: Luca Demetrio is a Postdoctoral Researcher at PRA Lab. He received his bachelor, master and Ph.D. degree at the University of Genova in 2015, 2017 and 2021. His Ph.D. thesis, “Formalizing Evasion Attacks against Security Detectors”, revolves around the application of Adversarial Machine Learning against threat detectors, specifically how to fool Windows malware and SQL injections detectors by applying well-crafted noise to data. As a natural follow-up of his Ph.D. work, he is currently studying the security of Windows malware detectors implemented with Machine Learning techniques.  He is the main developer of SecML Malware, a Python library for creating adversarial Windows malware. He is also currently involved in the development of techniques that can improve the quality of the evaluation of machine learning models, by providing debugging tools that can spot the failures at attack time.

Ultimo aggiornamento 22 Febbraio 2022