Malware Makeover: Breaking ML-based Static Analysis by Modifying Executable Bytes

TL;DR

This paper presents a novel attack that modifies executable bytes, including functional instructions, to deceive deep learning-based malware detectors with high success rates, highlighting the need for non-ML-based defenses.

Contribution

It introduces a new binary modification attack that manipulates functional instructions to evade DNN malware detection, demonstrating its effectiveness against multiple models and commercial antiviruses.

Findings

Attack achieves near 100% success in fooling DNNs

Can deceive some commercial anti-viruses with up to 85% success

Existing defenses can be bypassed by the proposed attack

Abstract

Motivated by the transformative impact of deep neural networks (DNNs) in various domains, researchers and anti-virus vendors have proposed DNNs for malware detection from raw bytes that do not require manual feature engineering. In this work, we propose an attack that interweaves binary-diversification techniques and optimization frameworks to mislead such DNNs while preserving the functionality of binaries. Unlike prior attacks, ours manipulates instructions that are a functional part of the binary, which makes it particularly challenging to defend against. We evaluated our attack against three DNNs in white- and black-box settings, and found that it often achieved success rates near 100%. Moreover, we found that our attack can fool some commercial anti-viruses, in certain cases with a success rate of 85%. We explored several defenses, both new and old, and identified some that can foil over 80% of our evasion attempts. However, these defenses may still be susceptible to evasion by attacks, and so we advocate for augmenting malware-detection systems with methods that do not rely on machine learning.