Corpus ID: 8397498

Adversarial Perturbations Against Deep Neural Networks for Malware Classification

@article{Grosse2016AdversarialPA,
  title={Adversarial Perturbations Against Deep Neural Networks for Malware Classification},
  author={Kathrin Grosse and Nicolas Papernot and Praveen Manoharan and Michael Backes and Patrick Mcdaniel},
  journal={ArXiv},
  year={2016},
  volume={abs/1606.04435}
}
Deep neural networks, like many other machine learning models, have recently been shown to lack robustness against adversarially crafted inputs. The application domain of malware classification introduces additional constraints in the adversarial sample crafting problem when compared to the computer vision domain: (i) continuous, differentiable input domains are replaced by discrete, often binary inputs; and (ii) the loose condition of leaving visual appearance unchanged is replaced by…
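The two constraints above change the crafting loop in a concrete way. The example below is added here and is not code from the paper; the toy two-layer network, its hand-set weights and the DREBIN-style feature names are constructed for illustration. It follows the approach the paper takes for binary inputs: rank absent features by the Jacobian of the "benign" output with respect to the input, flip one bit per step, only ever add features (removing a permission or API reference can break the application, adding one rarely does), and stop at a fixed budget of additions. The `addable` mask and `check_only_additions` helper are this example's own additions.

```python
"""Greedy feature-addition attack on a binary-feature malware classifier.

Added example (not Grosse et al.'s code). The MLP weights and feature names
below are constructed so that the arithmetic can be followed by hand.
"""
import math
from typing import List, Optional, Sequence, Tuple

# Constructed DREBIN-style binary manifest features: 1 = present, 0 = absent.
FEATURES = [
    "permission::SEND_SMS",              # 0
    "permission::READ_CONTACTS",         # 1
    "permission::INTERNET",              # 2
    "permission::ACCESS_NETWORK_STATE",  # 3
    "permission::VIBRATE",               # 4
    "feature::android.hardware.camera",  # 5
]

# Hand-set weights for a toy 2-class MLP (constructed, not a trained model).
# Hidden unit 0 fires on the two "suspicious" permissions, unit 1 on the
# four innocuous ones; the output layer maps them to (benign, malware) logits.
W1 = [[2.0, 2.0, 0.0, 0.0, 0.0, 0.0],
      [0.0, 0.0, 1.0, 1.0, 1.0, 1.0]]
B1 = [0.0, 0.0]
W2 = [[-1.0, 1.5],    # benign logit
      [1.0, -1.5]]    # malware logit
B2 = [0.0, 0.0]
BENIGN, MALWARE = 0, 1


def forward(x: Sequence[int]) -> Tuple[List[float], List[float]]:
    """Return (hidden ReLU activations, softmax class probabilities)."""
    pre = [sum(w * xi for w, xi in zip(row, x)) + b for row, b in zip(W1, B1)]
    h = [max(0.0, p) for p in pre]
    z = [sum(w * hi for w, hi in zip(row, h)) + b for row, b in zip(W2, B2)]
    m = max(z)
    e = [math.exp(v - m) for v in z]
    s = sum(e)
    return h, [v / s for v in e]


def jacobian_row(x: Sequence[int], target: int) -> List[float]:
    """d p[target] / d x_i for every input feature, by manual backprop.

    This is the quantity a JSMA-style crafting algorithm ranks features by.
    """
    h, p = forward(x)
    # softmax derivative: dp_t/dz_j = p_t * (delta_tj - p_j)
    dz = [p[target] * ((1.0 if j == target else 0.0) - p[j]) for j in range(len(p))]
    # back through the output layer: dp_t/dh_k = sum_j dz_j * W2[j][k]
    dh = [sum(dz[j] * W2[j][k] for j in range(len(dz))) for k in range(len(h))]
    # back through ReLU: derivative 1 where the unit is active, else 0
    dpre = [dh[k] if h[k] > 0.0 else 0.0 for k in range(len(h))]
    # back through the input layer
    return [sum(dpre[k] * W1[k][i] for k in range(len(dpre))) for i in range(len(x))]


def craft(x: Sequence[int], max_changes: int,
          addable: Optional[Sequence[int]] = None) -> Tuple[List[int], List[int], bool]:
    """Return (perturbed sample, indices flipped 0->1, evasion succeeded).

    Constraints enforced: inputs stay binary (one bit flipped per step);
    features are only added, never removed, so the sample stays functional;
    only indices in `addable` (default: all) may be added; at most
    `max_changes` additions are spent.
    """
    x = list(x)
    allowed = set(range(len(x))) if addable is None else set(addable)
    flipped: List[int] = []
    for _ in range(max_changes):
        _, p = forward(x)
        if p[BENIGN] > 0.5:
            return x, flipped, True
        grad = jacobian_row(x, BENIGN)
        cands = sorted(i for i in allowed if x[i] == 0)  # absent, addable features
        if not cands:
            break
        best = max(cands, key=lambda i: grad[i])  # ties -> lowest index
        if grad[best] <= 0.0:
            # No remaining addition raises the benign score here (e.g. every
            # relevant ReLU is inactive, so the gradient is zero): the greedy
            # attack is stuck and should not burn budget on random flips.
            break
        x[best] = 1
        flipped.append(best)
    _, p = forward(x)
    return x, flipped, p[BENIGN] > 0.5


def check_only_additions(original: Sequence[int], perturbed: Sequence[int]) -> bool:
    """Sanity check for the functionality constraint: no bit went 1 -> 0."""
    return all(not (o == 1 and q == 0) for o, q in zip(original, perturbed))


if __name__ == "__main__":
    sample = [1, 1, 1, 0, 0, 0]  # constructed: SEND_SMS + READ_CONTACTS + INTERNET
    adv, flips, ok = craft(sample, max_changes=20)
    print("original p(malware) = %.3f" % forward(sample)[1][MALWARE])
    print("added:", [FEATURES[i] for i in flips], "-> evades:", ok,
          "p(malware) = %.3f" % forward(adv)[1][MALWARE])
```

Two things worth noticing when running it: the sample evades after two additions, but restricting `addable` to a single innocuous feature, or giving a budget of one, leaves it classified as malware, and a sample whose innocuous-feature ReLU is inactive gets a zero gradient for every candidate, so the greedy attack stops immediately. That last case is why gradient-based crafting on discrete inputs is sensitive to which features the network actually looks at.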

Explaining Vulnerabilities of Deep Learning to Adversarial Malware Binaries

This work finds that a recently-proposed convolutional neural network does not learn any meaningful characteristic for malware detection from the data and text sections of executable files, but rather tends to learn to discriminate between benign and malware samples based on the characteristics found in the file header.

Simple Black-Box Adversarial Attacks on Deep Neural Networks

This work focuses on deep convolutional neural networks and demonstrates that adversaries can easily craft adversarial examples even without any internal knowledge of the target network, and proposes schemes that could serve as a litmus test for designing robust networks.

Simple Black-Box Adversarial Perturbations for Deep Networks

This work focuses on deep convolutional neural networks and demonstrates that adversaries can easily craft adversarial examples even without any internal knowledge of the target network.

Adversarial Deep Learning for Robust Detection of Binary Encoded Malware

Methods capable of generating functionality-preserving adversarial malware examples in the binary domain are introduced, using the saddle-point formulation to incorporate the adversarial examples into the training of models that are robust to them.

Defense Methods Against Adversarial Examples for Recurrent Neural Networks

This paper presents a novel defense method, termed sequence squeezing, to make RNN classifiers more robust against adversarial attacks, and implements four additional RNN defense methods inspired by recently published CNN defense methods.

Detecting Adversarial Image Examples in Deep Neural Networks with Adaptive Noise Reduction

This paper proposes a straightforward method for detecting adversarial image examples, which can be directly deployed into unmodified off-the-shelf DNN models and raises the bar for defense-aware attacks.

Adversarial Attack, Defense, and Applications with Deep Learning Frameworks

This chapter discusses recent methods to defend against adversarial attacks on deep learning frameworks, and explores recent work applying adversarial attack techniques to some popular commercial deep learning applications, such as image classification, speech recognition and malware detection.

HashTran-DNN: A Framework for Enhancing Robustness of Deep Neural Networks against Adversarial Malware Samples

The core idea is to use hash functions with a certain locality-preserving property to transform samples to enhance the robustness of DNNs in malware classification, and to show that HashTran-DNN can effectively defend against all of the four attacks.

Adversary Resistant Deep Neural Networks with an Application to Malware Detection

This work proposes a new adversary-resistant technique that obstructs attackers from constructing impactful adversarial samples by randomly nullifying features within data vectors. The robustness of the technique is validated theoretically, and it is shown empirically to significantly boost DNN robustness to adversarial samples while maintaining high classification accuracy.

References

Showing 1-10 of 28 references

Practical Black-Box Attacks against Deep Learning Systems using Adversarial Examples

This work introduces the first practical demonstration that cross-model transfer phenomenon enables attackers to control a remotely hosted DNN with no access to the model, its parameters, or its training data, and introduces the attack strategy of fitting a substitute model to the input-output pairs in this manner, then crafting adversarial examples based on this auxiliary model.

The Limitations of Deep Learning in Adversarial Settings

This work formalizes the space of adversaries against deep neural networks (DNNs) and introduces a novel class of algorithms to craft adversarial samples based on a precise understanding of the mapping between inputs and outputs of DNNs.

Distillation as a Defense to Adversarial Perturbations Against Deep Neural Networks

The study shows that defensive distillation can reduce effectiveness of sample creation from 95% to less than 0.5% on a studied DNN, and analytically investigates the generalizability and robustness properties granted by the use of defensive Distillation when training DNNs.

Practical Black-Box Attacks against Machine Learning

This work introduces the first practical demonstration of an attacker controlling a remotely hosted DNN with no such knowledge, and finds that this black-box attack strategy is capable of evading defense strategies previously found to make adversarial example crafting harder.

Towards Deep Neural Network Architectures Robust to Adversarial Examples

Deep Contractive Network is proposed, a model with a new end-to-end training procedure that includes a smoothness penalty inspired by the contractive autoencoder (CAE) to increase the network robustness to adversarial examples, without a significant performance penalty.

Explaining and Harnessing Adversarial Examples

It is argued that the primary cause of neural networks' vulnerability to adversarial perturbation is their linear nature, supported by new quantitative results while giving the first explanation of the most intriguing fact about them: their generalization across architectures and training sets.

Machine Learning in Adversarial Settings

The authors consider the underlying causes of adversarial samples and the future countermeasures that might mitigate them.

Large-scale malware classification using random projections and neural networks

This work uses random projections to further reduce the dimensionality of the original input space and trains several very large-scale neural network systems with over 2.6 million labeled samples thereby achieving classification results with a two-class error rate of 0.49% for a single neural network and 0.42% for an ensemble of neural networks.

Intriguing properties of neural networks

It is found that there is no distinction between individual high-level units and random linear combinations of high-level units, according to various methods of unit analysis, and it is suggested that it is the space, rather than the individual units, that contains the semantic information in the high layers of neural networks.

DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket

DREBIN is proposed, a lightweight method for detection of Android malware that enables identifying malicious applications directly on the smartphone and outperforms several related approaches and detects 94% of the malware with few false alarms.