Flow-based detection and proxy-based evasion of encrypted malware C2 traffic

TL;DR

This paper investigates the vulnerability of deep learning-based encrypted malware C2 traffic detection to adversarial attacks and proposes methods to improve robustness through crafted adversarial samples and incremental training.

Contribution

It introduces a novel analysis of feature set and iteration-hardening for encrypted C2 traffic detection, demonstrating how different crafting approaches affect robustness.

Findings

High evasion rates with generated adversarial samples can be reduced with crafted samples.

Model hardening effectiveness varies with attack and feature set.

Incremental training with adversarial samples enhances robustness.

Abstract

State of the art deep learning techniques are known to be vulnerable to evasion attacks where an adversarial sample is generated from a malign sample and misclassified as benign. Detection of encrypted malware command and control traffic based on TCP/IP flow features can be framed as a learning task and is thus vulnerable to evasion attacks. However, unlike e.g. in image processing where generated adversarial samples can be directly mapped to images, going from flow features to actual TCP/IP packets requires crafting the sequence of packets, with no established approach for such crafting and a limitation on the set of modifiable features that such crafting allows. In this paper we discuss learning and evasion consequences of the gap between generated and crafted adversarial samples. We exemplify with a deep neural network detector trained on a public C2 traffic dataset, white-box adversarial learning, and a proxy-based approach for crafting longer flows. Our results show 1) the high evasion rate obtained by using generated adversarial samples on the detector can be significantly reduced when using crafted adversarial samples; 2) robustness against adversarial samples by model hardening varies according to the crafting approach and corresponding set of modifiable features that the attack allows for; 3) incrementally training hardened models with adversarial samples can produce a level playing field where no detector is best against all attacks and no attack is best against all detectors, in a given set of attacks and detectors. To the best of our knowledge this is the first time that level playing field feature set- and iteration-hardening are analyzed in encrypted C2 malware traffic detection.