Instance Attack:An Explanation-based Vulnerability Analysis Framework Against DNNs for Malware Detection

TL;DR

This paper introduces an interpretable, black-box attack framework for DNN-based malware detection that uses data augmentation and explanation techniques to generate adversarial examples with high success rates.

Contribution

The work presents a novel instance-based attack method that is interpretable, operates in black-box environments, and leverages data augmentation and explanation techniques for malware detection.

Findings

Achieves nearly 100% success rate in fooling DNNs

Operates effectively in black-box settings without detailed model info

Outperforms existing state-of-the-art methods

Abstract

Deep neural networks (DNNs) are increasingly being applied in malware detection and their robustness has been widely debated. Traditionally an adversarial example generation scheme relies on either detailed model information (gradient-based methods) or lots of samples to train a surrogate model, neither of which are available in most scenarios. We propose the notion of the instance-based attack. Our scheme is interpretable and can work in a black-box environment. Given a specific binary example and a malware classifier, we use the data augmentation strategies to produce enough data from which we can train a simple interpretable model. We explain the detection model by displaying the weight of different parts of the specific binary. By analyzing the explanations, we found that the data subsections play an important role in Windows PE malware detection. We proposed a new function preserving transformation algorithm that can be applied to data subsections. By employing the binary-diversification techniques that we proposed, we eliminated the influence of the most weighted part to generate adversarial examples. Our algorithm can fool the DNNs in certain cases with a success rate of nearly 100\%. Our method outperforms the state-of-the-art method . The most important aspect is that our method operates in black-box settings and the results can be validated with domain knowledge. Our analysis model can assist people in improving the robustness of malware detectors.