TL;DR
Tarallo introduces a novel adversarial attack framework that effectively evades behavioral malware detectors by addressing malware nondeterminism with new algorithms, achieving up to 99% success in fooling detectors with minimal modifications.
Contribution
The paper presents PS-FGSM and problem space strategies to improve adversarial attacks on malware detectors, accounting for malware nondeterminism, and implements them in the Tarallo framework.
Findings
Achieves up to 99% success rate in evading malware detectors.
Significantly reduces the number of modifications needed for successful attacks.
Outperforms previous adversarial attack methods in both white-box and black-box scenarios.
Abstract
Machine learning algorithms can effectively classify malware through dynamic behavior but are susceptible to adversarial attacks. Existing attacks, however, often fail to find an effective solution in both the feature and problem spaces. This issue arises from not addressing the intrinsic nondeterministic nature of malware, namely, that executing the same sample multiple times may yield significantly different behaviors. Hence, the perturbations computed for a specific behavior may be ineffective for others observed in subsequent executions. In this paper, we show how an attacker can augment their chance of success by leveraging a new and more efficient feature space algorithm for sequential data, which we have named PS-FGSM, and by adopting two problem space strategies specially tailored to address nondeterminism in the problem space. We implement our novel algorithm and attack strategies in…
