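Malware
Evasion (ethics)
Computer science
Artificial intelligence
Adversarial system
Machine learning
Heuristic
Android malware
Computer security
Immune system
Immunology
Biology
Authors
Deqiang Li, Shicheng Cui, Yun Li, Jing Xu, Fu Xiao, Shouhuai Xu
Source
Journal: IEEE Transactions on Dependable and Secure Computing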
[Institute of Electrical and Electronics Engineers]
Date: 2023-01-01
Volume/Issue: 1-16
Identifier
DOI: 10.1109/tdsc.2023.3265665
Abstract
Machine Learning (ML) techniques can facilitate the automation of malicious software (malware for short) detection, but suffer from evasion attacks. Many studies counter such attacks in heuristic manners, lacking theoretical guarantees and defense effectiveness. In this paper, we propose a new adversarial training framework, termed Principled Adversarial Malware Detection (PAD), which offers convergence guarantees for robust optimization methods. PAD lays on a learnable convex measurement that quantifies distribution-wise discrete perturbations to protect malware detectors from adversaries, whereby for smooth detectors, adversarial training can be performed with theoretical treatments. To promote defense effectiveness, we propose a new mixture of attacks to instantiate PAD to enhance deep neural network-based measurements and malware detectors. Experimental results on two Android malware datasets demonstrate: (i) the proposed method significantly outperforms the state-of-the-art defenses; (ii) it can harden ML-based malware detection against 27 evasion attacks with detection accuracies greater than 83.45%, at the price of suffering an accuracy decrease smaller than 2.16% in the absence of attacks; (iii) it matches or outperforms many anti-malware scanners in VirusTotal against realistic adversarial malware.