基于WGAN的移动恶意对抗样本生成研究

doi:10.3969/j.issn.1671-1122.2020.11.007

信息网络安全 ›› 2020, Vol. 20 ›› Issue (11): 51-58.doi: 10.3969/j.issn.1671-1122.2020.11.007

基于WGAN的移动恶意对抗样本生成研究

李红娇, 陈红艳()

上海电力大学计算机科学与技术学院,上海 201306

收稿日期:2020-09-21 出版日期:2020-11-10 发布日期:2020-12-31
通讯作者: 陈红艳 E-mail:15000388434@163.com
作者简介:李红娇（1974—）,女,河南,副教授,博士,主要研究方向为信息系统安全、隐私保护以及入侵检测等|陈红艳（1995—）,女,安徽,硕士研究生,主要研究方向为信息安全
基金资助:
国家自然科学基金(61403247);国家自然科学基金(61702321);上海市信息安全综合管理技术研究重点实验室开放课题(AGK2015005);上海市科委地方能力建设项目(15110500700)

Research on Mobile Malicious Adversarial Sample Generation Based on WGAN

LI Hongjiao, CHEN Hongyan()

School of Computer Science and Technology, Shanghai Electric Power University, Shanghai 201306, China

Received:2020-09-21 Online:2020-11-10 Published:2020-12-31
Contact: CHEN Hongyan E-mail:15000388434@163.com

摘要/Abstract

摘要：

近年来,利用机器学习算法进行移动终端恶意软件的检测已成为研究热点,而恶意软件制作者为了使恶意软件能够逃避检测,采用各种方法来制作恶意对抗样本。文章提出一种基于Wasserstein GAN（WGAN）的算法MalWGAN来生成移动终端恶意对抗样本,使其能够绕过基于机器学习算法的黑盒模型检测器来逃避检测。与现有基于静态梯度方法生成的对抗样本不同,MalWGAN模型结合了API调用和静态特征来生成对抗样本。由于对抗样本是由黑盒模型检测器的反馈动态生成的,因此逃避黑盒模型检测器检测的概率更高。

关键词: 对抗样本, WGAN, 检测逃避

Abstract:

In recent years, using machine learning algorithm to detect mobile terminal malware has become a research hotspot. In order to make the malware evade detection, malware producers use various methods to make malicious adversarial samples. This paper proposes an algorithm MalWGAN based on Wasserstein GAN (WGAN) to generate mobile terminal malicious adversarial samples, which can bypass the black box model detector based on machine learning algorithms to evade detection. Different from the existing adversarial samples generated by static gradient methods, the MalWGAN model combines API calls and static features to generate adversarial samples. Since adversarial samples are dynamically generated by the feedback of the black box model detector, the probability of escaping from the detection of the black box model detector is higher.

Key words: adversarial sample, WGAN, evasion of detection

中图分类号:

TP309

李红娇, 陈红艳. 基于WGAN的移动恶意对抗样本生成研究[J]. 信息网络安全, 2020, 20(11): 51-58.

LI Hongjiao, CHEN Hongyan. Research on Mobile Malicious Adversarial Sample Generation Based on WGAN[J]. Netinfo Security, 2020, 20(11): 51-58.

图/表 9

图1

图2

图3

表1

图4

表2

图5

图6

图7

参考文献 19

[1]	McAfee. McAfee Mobile Threat Report Q1 2018[EB/OL]. https://www.mcafee.com/enterprise/en-us/assets/reports/rp-mobile-threat-report-2018.pdf, 2020-3-20.
[2]	OUYANG Li, LU Tianliang. Android Malware Detection Based on Deep Belief Network[J]. Information Technology and Network Security, 2019,5(5):22-27.
	欧阳立、卢天亮. 基于深度置信网络的Android恶意软件检测[J]. 信息技术与网络安全, 2019,5(5):22-27.
[3]	CARLINI N, WAGNER D. Towards Evaluating the Robustness of Neural Networks[C]//IEEE. 2017 IEEE Symposium on Security and Privacy (SP), May 22-26, 2017, San Jose, CA, USA. NJ: IEEE, 2017: 39-57.
[4]	GOODFELLOW I, SHLENS J, SZEGEDY C. Explaining and Harnessing Adversarial Examples[EB/OL]. https://www.researchgate.net/publication/269935591_Explaining_and_Harnessing_Adversarial_Examples, 2020-3-20.
[5]	KURAKIN A, GOODFELLOW I, BENGIO S. Adversarial Examples in the Physical World[EB/OL]. https://www.researchgate.net/publication/305186613_Adversarial_examples_in_the_physical_world, 2020-3-20.
[6]	PAPERNOT N, MCDANIEL P, JHA S, et al. The Limitations of Deep Learning in Adversarial Settings[C]//IEEE. 2016 IEEE European Symposium on Security and Privacy (EuroS&P), March 21-24, 2016, Saarbrucken, Germany. NJ: IEEE, 2016: 372-387.
[7]	KATHRIN G, NICOLAS P, PRAVEEN M, et al. Adversarial Perturbations against Deep Neural Networks for Malware Classification[EB/OL]. https://arxiv.org/abs/1606.04435, 2016-6-16.
[8]	PAPERNOT N, MCDANIEL P, GOODFELLOW I, et al. Practical Black-box Attacks against Deep Learning Systems Using Adversarial Examples[EB/OL]. https://arxiv.org/abs/1602.02697v2, 2016-2-19.
[9]	PAPERNOT N, MCDANIEL P, GOODFELLOW I. Transferability in Machine Learning: from Phenomena to Black-box Attacks Using Adversarial Samples[EB/OL]. https://arxiv.org/abs/1605.07277, 2016-5-24.
[10]	LIU Yanpei, CHEN Xinyun, LIU Chang, et al. Delving into Transferable Adversarial Examples and Black-box Attacks[EB/OL]. https://arxiv.org/abs/1611.02770, 2017-2-7.
[11]	HU Weiwei, TAN Ying. Generating Adversarial Malware Examples for Black-Box Attacks Based on GAN[EB/OL]. https://arxiv.org/abs/1702.05983, 2017-2-20.
[12]	GOODFELLOW I, POUGETABADIE J, MIRZA M, et al. Generative Adversarial Networks[EB/OL]. https://arxiv.org/abs/1406.2661, 2014-1-10.
[13]	TANG Chuan, ZHANG Yi, YANG Yuexiang, et al. DroidGAN: an Android Adversarial Sample Generation Framework Based on DCGAN[J]. Journal on Communications, 2018,18(S1):64-69.
	唐川, 张义, 杨岳湘, 等. DroidGAN:基于DCGAN 的 Android 对抗样本生成框架[J]. 通信学报, 2018,18(S1):64-69.
[14]	ARJOVSKY M, CHINTALA S, BOTTOU L, Wasserstein GAN[EB/OL]. https://arxiv.org/abs/1701.07875, 2017-12-6.
[15]	ARJOVSKY M, BOTTOU L. Towards Principled Methods for Training generative Adversarial Networks[EB/OL]. https://arxiv.org/abs/1701.04862, 2017-1-17.
[16]	CHEN Sen, XUE Minhui, FAN Lingling, et al. Automated Poisoning Attacks and Defenses in Malware Detection Systems: An Adversarial Machine Learning Approach[J]. Computers & Security, 2018,73(3):326-344.
[17]	DEMONTIS A, MELIS M, BIGGIO B, et al. Yes, Machine Learning Can Be More Secure! A Case Study on Android Malware Detection[J]. IEEE Transactions on Dependable and Secure Computing, 2019,16(4):711-724.
[18]	ONWUZURIKE L, MARICONTI E, ANDRIOTIS P, et al. MaMaDroid: Detecting Android Malware by Building Markov Chains of Behavioral Models[EB/OL]. https://arxiv.org/abs/1711.07477, 2019-3-2.
[19]	Corvus Forensics. VirusShare[EB/OL]. https://virusshare.com/, 2020-3-20.

分类器	训练集		测试集
分类器	原始样本	对抗样本	原始样本	对抗样本
RF	95.7068	0.0000	95.7547	0.0000
LR	95.5853	0.0000	96.4401	0.0000
DT	99.7975	0.0000	1.0000	0.0000
SVM	95.0992	0.0000	94.3366	0.0000
AB	94.4920	0.0000	94.1747	0.0000
MLP	96.4763	0.0016	95.9547	0.0065
VOTE	96.0308	0.0000	94.9838	0.0000

分类器	训练集		测试集
分类器	原始样本	对抗样本	原始样本	对抗样本
RF	95.4656	0.0008	96.2783	0.0032
LR	95.3846	0.0729	94.8220	0.0566
DT	99.8381	0.0000	99.8382	0.0000
SVM	94.7368	0.0000	94.3366	0.0000
AB	93.7652	0.0033	94.3666	0.0065
MLP	96.7611	0.0000	96.7638	0.0016
VOTE	96.2753	0.0000	95.1456	0.0000

基于WGAN的移动恶意对抗样本生成研究

Research on Mobile Malicious Adversarial Sample Generation Based on WGAN

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 9

参考文献 19

相关文章 2

编辑推荐

Metrics

本文评价

[1]	仝鑫, 王罗娜, 王润正, 王靖亚. 面向中文文本分类的词级对抗样本生成方法[J]. 信息网络安全, 2020, 20(9): 12-16.
[2]	王耀杰, 钮可, 杨晓元. 基于生成对抗网络的图像隐藏方案[J]. 信息网络安全, 2019, 19(5): 54-60.