Portuguese English Spanish

On deceiving malware classification with section injection: attack and defense using deep neural networks

Enviado por hugo.chaves em seg, 31/10/2022 - 16:28

Nome do aluno

 

Adeilson Antônio da Silva

 

Título do trabalho

 

On deceiving malware classification with section injection: attack and defense using deep neural networks

 

Resumo do trabalho

 

We investigate how to modify executable files to deceive malware classification systems. This work's main contribution is a methodology to inject bytes across a malware file randomly and use it both as an attack to decrease classification accuracy but also as a defensive method, augmenting the data available for training. It respects the operating system file format to make sure the malware will still execute after our injection and will not change its behavior. We reproduced five state-of-the-art malware classification approaches to evaluate our injection scheme: one based on GIST+KNN, three CNN variations and one Gated CNN. We performed our experiments on a public dataset with 9,339 malware samples from 25 different families. Our results show that a mere increase of 7% in the malware size causes an accuracy drop between 25% and 40% for malware family classification. They show that a automatic malware classification system may not be as trustworthy as initially reported in the literature. We also evaluate using modified malwares alongside the original ones to increase networks robustness against mentioned attacks. Results show that a combination of reordering malware sections and injecting random data can improve overall performance of the classification. Code available at https://github.com/adeilsonsilva/malware-injection.

 

Orientador

 

Maurício Pamplona Segundo

 

Membro Titular Externo (com afiliação)

 

André Brasil Vieira Wyzykowski (Michigan State University)

 

Link para o curriculum lattes

 

http://lattes.cnpq.br/9280827841526837

 

Membro Titular Interno ou Titular Externo 2 (com afiliação)

 

Karl Apaza Agüero (UFBA)

 

Link para o curriculum lattes

 

http://lattes.cnpq.br/9947294815403759

 

Membro Suplente Externo (com afiliação)

 

Fillipe Dias Moreira de Souza (Intel)

 

Link para o curriculum lattes

 

https://scholar.google.com/citations?user=dRtstQkAAAAJ&hl=en

 

Membro Suplente Interno ou Suplente Externo 2 (com afiliação)

 

Rubisley de Paula Lemes (UFBA)

 

Link para o curriculum lattes

 

http://lattes.cnpq.br/4230260717556147

 

Data da defesa

 

22 Nov, 2022

 

Horário da defesa

 

2:00 PM

 

 

Data da Defesa: 
22/11/2022 - 14:00
Tipo de Defesa: 
Defesa de Mestrado