Adversarial Detection of Flash Malware: Limitations and Open Issues

Maiorca D.
First
;
Demontis A.
Second
;
Biggio B.;Roli F.
Penultimate
;
Giacinto G.
Last
2020

Abstract

During the past four years, Flash malware has become one of the most insidious threats to detect, with almost 600 critical vulnerabilities targeting Adobe Flash Player disclosed in the wild. Research has shown that machine learning can be successfully used to detect Flash malware by leveraging static analysis to extract information from the structure of the file or its bytecode. However, the robustness of Flash malware detectors against well-crafted evasion attempts - also known as adversarial examples - has never been investigated. In this paper, we propose a security evaluation of a novel, representative Flash detector that embeds a combination of the prominent, static features employed by state-of-the-art tools. In particular, we discuss how to craft adversarial Flash malware examples, showing that it suffices to manipulate the corresponding source malware samples slightly to evade detection. We then empirically demonstrate that popular defense techniques proposed to mitigate evasion attempts, including re-training on adversarial examples, may not always be sufficient to ensure robustness. We argue that this occurs when the feature vectors extracted from adversarial examples become indistinguishable from those of benign data, meaning that the given feature representation is intrinsically vulnerable. In this respect, we are the first to formally define and quantitatively characterize this vulnerability, highlighting when an attack can be countered by solely improving the security of the learning algorithm, or when it requires also considering additional features. We conclude the paper by suggesting alternative research directions to improve the security of learning-based Flash malware detectors.
Inglese
96
1
16
16
https://www.sciencedirect.com/science/article/pii/S0167404820301760?via=ihub
Esperti anonimi
internazionale
scientifica
Adobe Flash,Malware Detection; Secure Machine Learning; Adversarial Training; Computer Security
Article number 101901
no
Maiorca, D.; Demontis, A.; Biggio, B.; Roli, F.; Giacinto, G.
1.1 Articolo in rivista
info:eu-repo/semantics/article
1 Contributo su Rivista::1.1 Articolo in rivista
262
5
partially_open
Files in This Item:
File Size Format  
maiorca20-cose.pdf

open access

Description: Pre-Print dell'articolo
Type: versione pre-print
Size 1.1 MB
Format Adobe PDF
1.1 MB Adobe PDF View/Open
Maiorca et al_Adversarial Detection of Flash Malware_Limitations and Open Issues_2020.pdf

Solo gestori archivio

Description: articolo
Type: versione editoriale
Size 4.5 MB
Format Adobe PDF
4.5 MB Adobe PDF & nbsp; View / Open   Request a copy

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.

Questionnaire and social

Share on:
Impostazioni cookie