ATMPA: Attacking Machine Learning-based Malware Visualization Detection Methods via Adversarial Examples
Xinbo Liu, Jiliang Zhang, Yaping Lin, He Li

TL;DR
This paper shows that ML-based malware visualization detection methods are vulnerable to adversarial attacks: small perturbations to the visualized samples can drastically reduce detection accuracy, which raises security concerns for malware detection systems that rely on these methods.
Contribution
The paper introduces ATMPA, a novel adversarial attack method targeting ML-based malware visualization detection, showing its effectiveness and transferability across different models.
Findings
Adversarial perturbations can reduce detection accuracy to 0%
The attack has an average transferability rate of 74.1%
Small perturbations significantly compromise malware detection systems
Abstract
Since the threat of malicious software (malware) has become increasingly serious, automatic malware detection techniques have received increasing attention, where machine learning (ML)-based visualization detection methods become more and more popular. In this paper, we demonstrate that the state-of-the-art ML-based visualization detection methods are vulnerable to Adversarial Example (AE) attacks. We develop a novel Adversarial Texture Malware Perturbation Attack (ATMPA) method based on the gradient descent and L-norm optimization method, where attackers can introduce some tiny perturbations on the transformed dataset such that ML-based malware detection methods will completely fail. The experimental results on the MS BIG malware dataset show that a small interference can reduce the accuracy rate down to 0% for several ML-based detection methods, and the rate of transferability is…
Taxonomy
Topics: Advanced Malware Detection Techniques · Adversarial Robustness in Machine Learning · Network Security and Intrusion Detection
