A Wolf in Sheep's Clothing: Practical Black-box Adversarial Attacks for Evading Learning-based Windows Malware Detection in the Wild

TL;DR

This paper introduces MalGuise, a black-box adversarial attack framework that effectively evades learning-based Windows malware detectors by semantics-preserving control-flow graph transformations, raising security concerns in real-world scenarios.

Contribution

MalGuise is a novel black-box attack method using semantics-preserving transformations and Monte-Carlo-tree-search optimization to evade malware detection systems.

Findings

Achieves over 95% attack success rate against malware detectors.

Maintains semantics in over 91% of adversarial malware files.

Successfully evades up to 74.97% of anti-virus products.

Abstract

Given the remarkable achievements of existing learning-based malware detection in both academia and industry, this paper presents MalGuise, a practical black-box adversarial attack framework that evaluates the security risks of existing learning-based Windows malware detection systems under the black-box setting. MalGuise first employs a novel semantics-preserving transformation of call-based redividing to concurrently manipulate both nodes and edges of malware's control-flow graph, making it less noticeable. By employing a Monte-Carlo-tree-search-based optimization, MalGuise then searches for an optimized sequence of call-based redividing transformations to apply to the input Windows malware for evasions. Finally, it reconstructs the adversarial malware file based on the optimized transformation sequence while adhering to Windows executable format constraints, thereby maintaining the same semantics as the original. MalGuise is systematically evaluated against three state-of-the-art learning-based Windows malware detection systems under the black-box setting. Evaluation results demonstrate that MalGuise achieves a remarkably high attack success rate, mostly exceeding 95%, with over 91% of the generated adversarial malware files maintaining the same semantics. Furthermore, MalGuise achieves up to a 74.97% attack success rate against five anti-virus products, highlighting potential tangible security concerns to real-world users.