ROOTs 2020: A survey on practical adversarial examples for malware classifiers – Daniel Park

Sanna/ November 18, 2020/ ROOTS/ 0 comments

Machine learning based models have proven to be effective in a variety of problem spaces, especially in malware detection and classification. However, with the discovery of deep learning models’ vulnerability to adversarial perturbations, a new attack has been developed against these models. The first attacks based on adversarial example research focused on generating feature vectors, but more recent research shows it is possible to generate evasive malware samples. In this talk, I will discuss several attacks that have been developed against machine learning based malware classifiers that leverage adversarial perturbations to develop an adversarial malware example. Adversarial malware examples differ from adversarial examples in the natural image domain in that they must retain the original malicious program logic in addition to evading detection or classification. Adversarial machine learning has become increasingly popular and is

Read More

ROOTs 2020: No Need to Teach New Tricks to Old Malware: Winning an Evasion Challenge with XOR-based Adversarial – Fabrício Ceschin

Sanna/ November 12, 2020/ ROOTS/ 0 comments

Adversarial machine learning is so popular nowadays that Machine Learning (ML) based security solutions became the target of many attacks and, as a consequence, they need to adapt to them to be effective. In our talk, we explore attacks in different ML-models used to detect malware, as part of our experience in the Machine Learning Security Evasion Competition (MLSEC) 2020, sponsored by Microsoft and CUJO AI’s Vulnerability Research Lab, in which we managed to finish in first and second positions in the attacker’ and defender challenge, respectively. During the contest’s first edition (2019), participating teams were challenged to bypass three ML models in a white box manner. Our team bypassed all three of them and reported interesting insights about the models’ weaknesses. This year, the challenge evolved into an attack-and-defense model: the teams should either propose

Read More