HashTran-DNN: A Framework for Enhancing Robustness of Deep Neural Networks against Adversarial Malware Samples

TL;DR

This paper introduces HashTran-DNN, a novel framework that enhances the robustness of deep neural networks against adversarial malware samples by using hash functions and auto-encoders, significantly improving defense capabilities.

Contribution

The paper proposes HashTran-DNN, a new framework combining hash transformations and denoising auto-encoders to improve malware detection robustness against adversarial attacks.

Findings

HashTran-DNN effectively defends against four known adversarial attacks.

Standard DNNs are vulnerable to adversarial malware samples.

HashTran-DNN outperforms existing defenses in malware classification.

Abstract

Adversarial machine learning in the context of image processing and related applications has received a large amount of attention. However, adversarial machine learning, especially adversarial deep learning, in the context of malware detection has received much less attention despite its apparent importance. In this paper, we present a framework for enhancing the robustness of Deep Neural Networks (DNNs) against adversarial malware samples, dubbed Hashing Transformation Deep Neural Networks} (HashTran-DNN). The core idea is to use hash functions with a certain locality-preserving property to transform samples to enhance the robustness of DNNs in malware classification. The framework further uses a Denoising Auto-Encoder (DAE) regularizer to reconstruct the hash representations of samples, making the resulting DNN classifiers capable of attaining the locality information in the latent space. We experiment with two concrete instantiations of the HashTran-DNN framework to classify Android malware. Experimental results show that four known attacks can render standard DNNs useless in classifying Android malware, that known defenses can at most defend three of the four attacks, and that HashTran-DNN can effectively defend against all of the four attacks.