IDEAS home Printed from https://ideas.repec.org/a/gam/jftint/v16y2024i5p168-d1393196.html
   My bibliography  Save this article

Evaluating Realistic Adversarial Attacks against Machine Learning Models for Windows PE Malware Detection

Author

Listed:
  • Muhammad Imran

    (Department of Computer Science, University of Study of Bari Aldo Moro, Via Orabona, 4, 70125 Bari, Italy)

  • Annalisa Appice

    (Department of Computer Science, University of Study of Bari Aldo Moro, Via Orabona, 4, 70125 Bari, Italy
    Consorzio Interuniversitario Nazionale per l’Informatica—CINI, Via Orabona, 4, 70125 Bari, Italy)

  • Donato Malerba

    (Department of Computer Science, University of Study of Bari Aldo Moro, Via Orabona, 4, 70125 Bari, Italy
    Consorzio Interuniversitario Nazionale per l’Informatica—CINI, Via Orabona, 4, 70125 Bari, Italy)

Abstract

During the last decade, the cybersecurity literature has conferred a high-level role to machine learning as a powerful security paradigm to recognise malicious software in modern anti-malware systems. However, a non-negligible limitation of machine learning methods used to train decision models is that adversarial attacks can easily fool them. Adversarial attacks are attack samples produced by carefully manipulating the samples at the test time to violate the model integrity by causing detection mistakes. In this paper, we analyse the performance of five realistic target-based adversarial attacks, namely Extend, Full DOS, Shift, FGSM padding + slack and GAMMA, against two machine learning models, namely MalConv and LGBM, learned to recognise Windows Portable Executable (PE) malware files. Specifically, MalConv is a Convolutional Neural Network (CNN) model learned from the raw bytes of Windows PE files. LGBM is a Gradient-Boosted Decision Tree model that is learned from features extracted through the static analysis of Windows PE files. Notably, the attack methods and machine learning models considered in this study are state-of-the-art methods broadly used in the machine learning literature for Windows PE malware detection tasks. In addition, we explore the effect of accounting for adversarial attacks on securing machine learning models through the adversarial training strategy. Therefore, the main contributions of this article are as follows: (1) We extend existing machine learning studies that commonly consider small datasets to explore the evasion ability of state-of-the-art Windows PE attack methods by increasing the size of the evaluation dataset. (2) To the best of our knowledge, we are the first to carry out an exploratory study to explain how the considered adversarial attack methods change Windows PE malware to fool an effective decision model. (3) We explore the performance of the adversarial training strategy as a means to secure effective decision models against adversarial Windows PE malware files generated with the considered attack methods. Hence, the study explains how GAMMA can actually be considered the most effective evasion method for the performed comparative analysis. On the other hand, the study shows that the adversarial training strategy can actually help in recognising adversarial PE malware generated with GAMMA by also explaining how it changes model decisions.

Suggested Citation

  • Muhammad Imran & Annalisa Appice & Donato Malerba, 2024. "Evaluating Realistic Adversarial Attacks against Machine Learning Models for Windows PE Malware Detection," Future Internet, MDPI, vol. 16(5), pages 1-30, May.
  • Handle: RePEc:gam:jftint:v:16:y:2024:i:5:p:168-:d:1393196
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/1999-5903/16/5/168/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/1999-5903/16/5/168/
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Afnan Alotaibi & Murad A. Rassam, 2023. "Adversarial Machine Learning Attacks against Intrusion Detection Systems: A Survey on Strategies and Defense," Future Internet, MDPI, vol. 15(2), pages 1-34, January.
    2. Gladys W. Muoka & Ding Yi & Chiagoziem C. Ukwuoma & Albert Mutale & Chukwuebuka J. Ejiyi & Asha Khamis Mzee & Emmanuel S. A. Gyarteng & Ali Alqahtani & Mugahed A. Al-antari, 2023. "A Comprehensive Review and Analysis of Deep Learning-Based Medical Image Adversarial Attack and Defense," Mathematics, MDPI, vol. 11(20), pages 1-41, October.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Hassan Khazane & Mohammed Ridouani & Fatima Salahdine & Naima Kaabouch, 2024. "A Holistic Review of Machine Learning Adversarial Attacks in IoT Networks," Future Internet, MDPI, vol. 16(1), pages 1-42, January.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jftint:v:16:y:2024:i:5:p:168-:d:1393196. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.