Research On Adversarial Attacks And Defenses For Image Texture Malware Detection Models

In recent years,as malware has become the main threat to the current cyberspace security.The malware detection model based on gray image is widely used because it does not require disassembly and can use the image texture of the gray image transferred by the PE file to obtain high detection accuracy.However,the adversarial game between malware detection and anti-detection is a never-ending struggle.In order to improve the robustness of this detection model in the face of adversarial attack that preserve the availability and functionality of PE files to promote its effective application in the field of malware.This paper focuses on adversarial examples that can interfere with the accurate detection of this method and new visualization methods that can defend against corresponding adversarial examples.Firstly,This paper deeply analyzes the current research on adversarial attacks of malware detection models based on gray images by domestic and foreign researchers.Aiming at the problem of the availability and functionality of adversarial examples cannot be remained caused by the unrestricted perturbation in most current adversarial attack studies,and the problem of easy detection of file header information caused by limiting the perturbation space is the tail of PE files in order to remain availability and function,this paper proposes a byte code attack method remained availability and functionality(BARAF),which ensures that the generated adversarial examples can remain the availability and functionality of PE files,and it is difficult to be detected by file header information;Secondly,in order to improve the robustness of malware detection model based on gray image in the face of BARAF,the section information which can enhance the similarity of gray image before and after the attack is used to form a new visualization method(Colored Label boxes,Co Lab)which can reduce BARAF interference,and trained a robust detection model based on this visualization method(Malware detection using Co Lab image,VGG16 and Support vector machine,Mal CVS);Finally,the attack and defense methods were tested experimentally on the public dataset.The attack experiment results show that the adversarial examples generated by BARAF method can reduce the detection accuracy rate of malware detection method based on gray image by 31.58%,which greatly affects the detection judgment of this model and the generated adversarial examples are difficult to be detected by file header information.The defense experiment results show that Mal CVS under the best parameter combination can only reduce the detection accuracy of 4.06% when facing BARAF,which is more robust than the gray imagebased malware detection model.