Evading Malware Classifiers via Monte Carlo Mutant Feature Discovery

dc.contributor.authorBoutsikas, John
dc.contributor.authorEren, Maksim E.
dc.contributor.authorVarga, Charles
dc.contributor.authorRaff, Edward
dc.contributor.authorMatuszek, Cynthia
dc.contributor.authorNicholas, Charles
dc.date.accessioned2021-07-06T13:55:09Z
dc.date.available2021-07-06T13:55:09Z
dc.date.issued2021-06-15
dc.descriptionPresented at the Malware Technical Exchange Meeting, Online, 2021.en_US
dc.description.abstractThe use of Machine Learning has become a significant part of malware detection efforts due to the influx of new malware, an ever changing threat landscape, and the ability of Machine Learning methods to discover meaningful distinctions between malicious and benign software. Antivirus vendors have also begun to widely utilize malware classifiers based on dynamic and static malware analysis features. Therefore, a malware author might make evasive binary modifications against Machine Learning models as part of the malware development life cycle to execute an attack successfully. This makes the studying of possible classifier evasion strategies an essential part of cyber defense against malice. To this extent, we stage a grey box setup to analyze a scenario where the malware author does not know the target classifier algorithm, and does not have access to decisions made by the classifier, but knows the features used in training. In this experiment, a malicious actor trains a surrogate model using the EMBER-2018 dataset to discover binary mutations that cause an instance to be misclassified via a Monte Carlo tree search. Then, mutated malware is sent to the victim model that takes the place of an antivirus API to test whether it can evade detection.en_US
dc.description.urihttps://arxiv.org/abs/2106.07860en_US
dc.format.extent10 pagesen_US
dc.genreconference papers and proceedings preprintsen_US
dc.identifierdoi:10.13016/m2vnop-19l4
dc.identifier.urihttp://hdl.handle.net/11603/21853
dc.language.isoen_USen_US
dc.relation.isAvailableAtThe University of Maryland, Baltimore County (UMBC)
dc.relation.ispartofUMBC Computer Science and Electrical Engineering Department Collection
dc.relation.ispartofUMBC Student Collection
dc.relation.ispartofUMBC Faculty Collection
dc.rightsThis item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
dc.titleEvading Malware Classifiers via Monte Carlo Mutant Feature Discoveryen_US
dc.typeTexten_US

Files

Original bundle

Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
2106.07860.pdf
Size:
329.6 KB
Format:
Adobe Portable Document Format
Description:

License bundle

Now showing 1 - 1 of 1
No Thumbnail Available
Name:
license.txt
Size:
2.56 KB
Format:
Item-specific license agreed upon to submission
Description: