
Research On Robust Mechanism For Malware Classification Models

Posted on: 2021-09-05
Degree: Master
Type: Thesis
Country: China
Candidate: H R Li
GTID: 2518306230478114
Subject: Software engineering

Abstract/Summary:
With the rapid development of the Internet, malware keeps changing and hiding itself in cyberspace, thereby evading security detection. In research and practice, machine-learning-based malware detection and classification models are constantly being proposed, but these models are easily affected by adversarial attacks. An adversarial attack adds a certain amount of perturbation to the malware so that a machine-learning-based malware classifier cannot classify it correctly, allowing the malware to evade inspection. To address the poor robustness of machine-learning-based malware detection and classification models, this thesis proposes a defense mechanism based on VOTE. During the research, it was found that the adversarial attack algorithm FGSM (Fast Gradient Sign Method) suffers from a low attack success rate. This thesis proposes a filtering operation that improves the attack success rate of the adversarial attack algorithm, and further combines the filtering idea with a GAN (Generative Adversarial Network), thereby verifying that the filtering idea is effective.

This thesis uses API (Application Programming Interface) call sequences as training data and uses machine learning methods to build multiple classifier models: MLP (Multilayer Perceptron), XGBoost (eXtreme Gradient Boosting), SVM (Support Vector Machine), DT (Decision Tree), and RF (Random Forest), of which the first two achieved good classification results. By adding perturbations to the original malware, adversarial attacks are carried out against these models, and the classification accuracy of every model declines to a different degree, with the MLP model the most affected. To solve this problem, this thesis then uses the VOTE defense mechanism, which lowers the success rate of adversarial attacks, and the results improve on mainstream defense methods.

The main contributions of this thesis include the following four aspects:
(1) The concept of "attack cost" is proposed. By comparing the original malware sample with the adversarial sample after the perturbation is added, it measures the cost to the algorithm of producing the adversarial sample.
(2) The traditional FGSM-based adversarial sample generation algorithm is improved. Through research on the samples that the model easily "confuses", the "filter" operation is proposed, which selects the samples that are easily misclassified by the model.
(3) A GAN data augmentation mechanism is combined with the "filter" to complete the preparation of adversarial samples.
(4) A defense strategy based on VOTE is proposed.
Keywords/Search Tags: Malware classification, Adversarial attacks, Generative adversarial network