
Research Of Adversarial Example Technology On Malware Detection And Automatic Driving Application

Posted on: 2021-06-05
Degree: Doctor
Type: Dissertation
Country: China
Candidate: X B Liu
Full Text: PDF
GTID: 1482306122479434
Subject: Software engineering
Abstract/Summary:
With the rapid development of science and technology, the field of computer science and technology is experiencing an unprecedented development opportunity, especially artificial intelligence (AI) technology based on machine learning (ML) and artificial neural networks (ANN), and its related applications. In recent years, with the upgrade of high-performance computing technology, the improvement of various optimization algorithms, the commercialization of 5G networks, and the development of intelligent Internet of Things (IoT) technology, the research and application of creative products based on AI technology have attracted numerous domestic and foreign researchers from all trades and professions. Over the past five years, governments, from the central government to local institutions, have been vigorously building smart cities and AI industrial parks. Meanwhile, industry giants are gradually perfecting their industrial-chain layout in the AI field, and a growing number of start-ups and innovative enterprises are mining possible research products in the vertical fields of artificial intelligence. However, even the best things are imperfect. At present, the adversarial example (AE) in deep neural networks (DNNs) is the "Achilles heel" of AI. By inserting a small amount of interference into the input samples, an AE can make some AI models produce wrong discrimination results, while human beings cannot accurately distinguish the original sample from the perturbed sample. Although this looks like a simple misjudgment at first glance, it is fatal for the field of artificial intelligence research, especially in widely used applications such as face recognition, self-driving technology, malware detection and other related fields. Therefore, the security problems of research in AI, ANN, and AE deserve more attention from researchers. This thesis mainly discusses the research and application of adversarial example technology. It studies the application of adversarial example technology in the fields of malware detection and self-driving control systems, which attract the most attention at present, and then puts forward corresponding attack and defense strategies. The main work and innovations of this thesis can be listed as the following five aspects.

(1) A comprehensive introduction to adversarial example (AE) technology. This includes the basic concepts related to AE technology, the generation methods of AEs, the defensive strategies against AEs, and the practical applications of AEs in different areas. This thesis summarizes and analyzes six classical methods of AE attack and five corresponding defensive strategies. It also lists in detail three classical research fields and three newly developing fields for the practical application of AEs. The current progress of AE technology is comprehensively discussed and analyzed in detail.

(2) A study of attacking malicious software (malware) detectors using AE technology. This thesis proposes an Adversarial Texture Malware Perturbation Attack, i.e., the ATMPA method. This method is based on gradient descent or L-norm optimization, and can cause ML-based malware detection methods to fail completely by introducing tiny perturbations into the transformed dataset. The experimental results on the open-source malware dataset show that a small interference can reduce the detection rate of ML-based malware detectors to 0, and that the attack transferability between different detection methods reaches a high level on average. In addition, attack experiments show that the attack transferability rate can reach up to 88.7% and 74.1% on average across different ML-based detection methods.

(3) A study of improving the accuracy of malware detectors using adversarial techniques. This paper proposes an adversarial training-based malware visualization detection method, named Visual-AT. Unlike traditional detection methods based on digital signatures, static code analysis and dynamic code analysis, the Visual-AT method can not only improve the efficiency of malware analysis and discrimination, but also defend against possible attacks from malware AEs and the potential threat of related malware variants. This method can also prevent zero-day attacks. Experimental results on the MS BIG malware database and the Ember database demonstrate that our method is able to prevent zero-day attacks and achieve up to 97.73% accuracy, with 96.25% on average for all the malware tested. In addition, the Visual-AT method is clearly superior to existing detection methods on commonly used performance evaluation indicators.

(4) A study of the security problems of automatic driving systems with AE technology. This thesis proposes a novel AE-based automatic driving traffic sign attack method (i.e., the AE-Sign attack), which is the first induced attack method against deep learning-based traffic sign recognition in automatic driving systems. This method not only points out the security problems of automatic driving technology, but also further exposes the potential security hazards of practical applications based on deep learning. The AE-Sign method uses an image scaling technique to insert tiny interference into the original real-time image using the AE method, interfering with the traffic sign detection system without damaging the identifiability of the original image, and can even go on to disrupt the whole automatic driving system. In tests with a real-time open-source dataset, the AE-Sign attack method shows a very high success rate. With only a little interference, the attack success rate can reach 100%, and the average transfer rate is 86.5%. Compared with attack methods of the same class, the AE-Sign attack method not only has strong flexibility and generalization, but also maintains the maximum consistency between the perturbed sample and the original one, which greatly improves the reliability and confidence level of the attack.

(5) The design and implementation of an AE attack system prototype, aimed at applying AE attack methods to automatic driving technology. First, the attack system builds a simple self-driving simulation system, and then combines existing AE attack methods for testing. Based on the simulated driving mode, this attack system provides an initial implementation of an AE-based attack environment for simulated real-time automatic driving. This thesis introduces the architecture of the attack system and the implementation of each functional module in detail. Finally, through tests on real-time traffic data, this work shows the effect of the attack system with figures and tables.
Keywords/Search Tags: Adversarial Example, AI Security, Machine Learning, Malware Detection, Autopilot Security