ROOTS 2019 Talk: Shallow Security: on the Creation of Adversarial Variants to Evade ML-Based Malware Detectors – Fabricio Ceschin
The use of Machine Learning (ML) techniques for malware detection has been a trend in the last two decades. More recently, researchers started to investigate adversarial approaches to bypass these ML-based malware detectors. Adversarial attacks became so popular that a large Internet company (ENDGAME Inc.) has launched a public challenge to encourage researchers to bypass their (three) ML-based static malware detectors. Our research group teamed to participate in this challenge in August/2019 and accomplishing the bypass of all 150 tests proposed by the company. To do so, we implemented an automatic exploitation method which moves the original malware binary sections to resources and includes new chunks of data to it to create adversarial samples that not only bypassed their ML detectors, but also real AV engines as well (with a lower detection rate than the original samples). In this talk, we detail our methodological approach to overcome the challenge and report our findings. With these results, we expect to contribute to the community and provide better understanding on ML-based detectors weaknesses. We also pinpoint future research directions toward the development of more robust malware detectors against adversarial machine learning.
Fabrício Ceschin is a Ph.D. student and master’s degree in informatics at Federal University of Parana, Brazil (UFPR). Currently interested in machine learning and deep learning applied to security. Supported student by the program Google LARA (Latin America Research Awards) 2017.