
Research On Adversarial Sample Generation And Defense For Malware Visualization Detection Mode

Posted on: 2024-02-24 | Degree: Master | Type: Thesis
Country: China | Candidate: Z J Jiang | Full Text: PDF
GTID: 2568307130958299 | Subject: Computer technology
Abstract/Summary:
Given the threat of malware, researchers both domestically and internationally have proposed a large number of visual detection methods for malware. The malware detection method based on grayscale images and deep learning requires no feature engineering and achieves a high detection rate, and it has received widespread attention in the field of malware detection. However, existing research has shown that carefully designed adversarial samples can deceive malware detection methods based on grayscale images and deep learning. Research on attack and defense in the security field never stops. In order to improve the robustness of the detection model against PE file adversarial samples, this paper studies a new adversarial sample generation method and designs corresponding defense methods by analyzing its attack mechanism. The main work of this article includes:

(1) A bytecode attack method with an unlimited amount of additions. Most current bytecode attack methods struggle to generate adversarial samples that greatly reduce the discrimination accuracy of this type of detection method without destroying the functional integrity of the original file. Based on an analysis of the structure of the Portable Executable (PE) file and its loading mechanism, it was found that there is "section additional space" scattered at the end of each section that is unlimited in size and not loaded into memory. Based on this space, a Bytecode Attack method with Unlimited Amount of Additions (BAUAA) is proposed that does not destroy the original functions of PE files and can add an unlimited amount of bytecode. Adversarial samples are generated by adding bytecodes in the "section additional space" of the PE file. Since this space allows unlimited additions, the grayscale image converted from the generated adversarial samples can be changed in size and texture. These changes can affect the discrimination accuracy of malware detection methods based on grayscale images and deep learning. The attack performance was evaluated on data sets collected from VX-heaven, Virusshare, and 360 software housekeeper. The experimental results show that the discrimination accuracy of the malware detection method based on grayscale images decreases significantly on the adversarial samples generated by BAUAA.

(2) The ASRIE defense model for defending against BAUAA attacks. In order to enhance the robustness of grayscale image-based malware detection models using deep learning, this paper analyzes the BAUAA attack mechanism, which creates scattered noise regions dispersed throughout various sections by modifying section headers. Therefore, this paper proposes a Two-Step Preprocessing Method Based on Adversarial Sample Recognition and Key Information Extraction (ASRIE), which combines adversarial sample detection and input preprocessing techniques to preserve the complete information of normal samples and denoise adversarial samples based on file structure obfuscation. Based on this method, the ASRIE defense model is proposed to defend against BAUAA adversarial samples. Experimental results demonstrate that the ASRIE defense model is more robust than the original model, maintaining a misclassification rate (MR) of around 5% for BAUAA adversarial samples.
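A defender-side check related to the section-header analysis described above, added here as an example and not taken from the thesis or from ASRIE: it reads the PE section table and flags sections whose on-disk size exceeds their in-memory size by more than alignment padding can explain. Treating that gap as the "section additional space" is an assumption, and the names `section_slack`, `build_sample_pe` and `SAMPLE_PE` are hypothetical; the sample header is constructed.

```python
import struct

def section_slack(pe: bytes):
    """Per section: (name, raw_size, virtual_size, file_only_bytes, suspicious)."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not a PE file")
    nt, = struct.unpack_from("<I", pe, 0x3C)            # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    n_sections, = struct.unpack_from("<H", pe, nt + 6)
    opt_size, = struct.unpack_from("<H", pe, nt + 20)
    # FileAlignment sits at offset 36 of the optional header (PE32 and PE32+).
    file_align, = struct.unpack_from("<I", pe, nt + 24 + 36)
    table = nt + 24 + opt_size
    rows = []
    for i in range(n_sections):
        name, vsize, _va, raw_size, _raw_ptr = struct.unpack_from(
            "<8sIIII", pe, table + 40 * i)
        # A VirtualSize of 0 means the loader falls back to SizeOfRawData.
        effective = vsize or raw_size
        # Raw bytes past the virtual size exist on disk but are not part of the
        # loaded section. Alignment padding alone stays below FileAlignment.
        file_only = max(0, raw_size - effective)
        rows.append((name.rstrip(b"\0").decode("ascii", "replace"),
                     raw_size, vsize, file_only,
                     file_only >= max(file_align, 1)))
    return rows

def build_sample_pe(sections):
    """Constructed, header-only PE32 image for the demo (no code or data)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                # PE32 magic
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)      # Section/FileAlignment
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102)
    table = b"".join(struct.pack("<8sIIII16x", *s) for s in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table

# Constructed sample: (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)
SAMPLE_PE = build_sample_pe([(b".text", 0x1234, 0x1000, 0x1400, 0x400),
                             (b".data", 0x300, 0x3000, 0x8400, 0x1800)])

if __name__ == "__main__":
    for row in section_slack(SAMPLE_PE):
        print(row)
```

A flagged section is a triage signal rather than a verdict, since some packers and linkers also produce raw sizes larger than virtual sizes.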
Keywords/Search Tags:Adversarial Example, Malware Detection, Gray Image, PE File, Code Section