Single-Shot Black-Box Adversarial Attacks Against Malware Detectors: A Causal Language Model Approach

James Lee Hu, Mohammadreza Ebrahimi, Hsinchun Chen

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Deep Learning (DL)-based malware detectors are increasingly adopted for early detection of malicious behavior in cybersecurity. However, their sensitivity to adversarial malware variants has raised immense security concerns. Generating such adversarial variants by the defender is crucial to improving the resistance of DL-based malware detectors against them. This necessity has given rise to an emerging stream of machine learning research, Adversarial Malware example Generation (AMG), which aims to generate evasive adversarial malware variants that preserve the malicious functionality of a given malware. Within AMG research, black-box method has gained more attention than white-box methods. However, most black-box AMG methods require numerous interactions with the malware detectors to generate adversarial malware examples. Given that most malware detectors enforce a query limit, this could result in generating non-realistic adversarial examples that are likely to be detected in practice due to lack of stealth. In this study, we show that a novel DL-based causal language model enables single-shot evasion (i.e., with only one query to malware detector) by treating the content of the malware executable as a byte sequence and training a Generative Pre-Trained Transformer (GPT). Our proposed method, MalGPT, significantly outperformed the leading benchmark methods on a real-world malware dataset obtained from VirusTotal, achieving over 24.51% evasion rate. MalGPT enables cybersecurity researchers to develop advanced defense capabilities by emulating large-scale realistic AMG.

Original languageEnglish (US)
Title of host publicationProceedings - 2021 IEEE International Conference on Intelligence and Security Informatics, ISI 2021
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781665438384
DOIs
StatePublished - 2021
Externally publishedYes
Event19th Annual IEEE International Conference on Intelligence and Security Informatics, ISI 2021 - Virtual, Online, United States
Duration: Nov 2 2021Nov 3 2021

Publication series

NameProceedings - 2021 IEEE International Conference on Intelligence and Security Informatics, ISI 2021

Conference

Conference19th Annual IEEE International Conference on Intelligence and Security Informatics, ISI 2021
Country/TerritoryUnited States
CityVirtual, Online
Period11/2/2111/3/21

Keywords

  • Adversarial malware variants
  • deep learning-based language models
  • generative pre-trained transformers
  • single-shot black-box evasion

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Networks and Communications
  • Information Systems
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'Single-Shot Black-Box Adversarial Attacks Against Malware Detectors: A Causal Language Model Approach'. Together they form a unique fingerprint.

Cite this