对抗训练驱动的恶意代码检测增强方法

doi:10.11959/j.issn.1000-436x.2022171

通信学报 ›› 2022, Vol. 43 ›› Issue (9): 169-180.doi: 10.11959/j.issn.1000-436x.2022171

对抗训练驱动的恶意代码检测增强方法

刘延华¹^,², 李嘉琪¹^,², 欧振贵¹^,², 高晓玲¹^,², 刘西蒙¹, MENG Weizhi³, 刘宝旭⁴

¹ 福州大学计算机与大数据学院，福建福州 350108
² 福建省网络计算与智能信息处理重点实验室，福建福州 350108
³ 丹麦科技大学应用数学和计算机系，哥本哈根 2800
⁴ 中国科学院信息工程研究所，北京 100093

修回日期:2022-08-29 出版日期:2022-09-25 发布日期:2022-09-01
作者简介:刘延华（1972- ），男，山东济宁人，博士，福州大学副教授、硕士生导师，主要研究方向为网络空间安全、网络数据分析、网络系统故障分析、智能计算及应用等
李嘉琪（1998- ），女，福建漳州人，福州大学硕士生，主要研究方向为恶意代码检测、网络安全等
欧振贵（1998- ），男，福建莆田人，福州大学硕士生，主要研究方向为知识图谱融合、实体对齐、知识图谱补全、链接预测等
高晓玲（1995- ），女，福建漳州人，福州大学硕士生，主要研究方向为网络安全
刘西蒙（1988- ），男，陕西西安人，博士，福州大学研究员，主要研究方向为隐私计算、密文数据挖掘、大数据隐私保护、可搜索加密等
MENG Weizhi（1986– ），男，博士，丹麦科技大学副教授，主要研究方向为入侵检测、生物认证、恶意程序检测、人工智能安全、区块链应用等
刘宝旭（1972- ），男，山东沂水人，博士，中国科学院信息工程研究所研究员、博士生导师，主要研究方向为网络攻防、威胁情报、态势感知、威胁发现、网络溯源等
基金资助:
国家自然科学基金资助项目(62072109);国家自然科学基金资助项目(U1804263);福建省自然科学基金资助项目(2021J01625);福建省自然科学基金资助项目(2021J01616);福建省科技重大专项（科教联合）项目(2021HZ022007)

Adversarial training driven malicious code detection enhancement method

Yanhua LIU¹^,², Jiaqi LI¹^,², Zhengui OU¹^,², Xiaoling GAO¹^,², Ximeng LIU¹, Weizhi MENG³, Baoxu LIU⁴

¹ College of Computer and Data Science, Fuzhou University, Fuzhou 350108, China
² Fujian Provincial Key Laboratory of Networking Computing and Intelligent Information Processing, Fuzhou University, Fuzhou 350108, China
³ Department of Applied Mathematics and Computer Science, Technical University of Denmark, Copenhagen 2800, Denmark
⁴ Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China

Revised:2022-08-29 Online:2022-09-25 Published:2022-09-01
Supported by:
The National Natural Science Foundation of China(62072109);The National Natural Science Foundation of China(U1804263);The Natural Science Foundation of Fujian Province(2021J01625);The Natural Science Foundation of Fujian Province(2021J01616);Major Science and Technology Project of Fujian Province(2021HZ022007)

摘要/Abstract

摘要：

为了解决恶意代码检测器对于对抗性输入检测能力的不足，提出了一种对抗训练驱动的恶意代码检测增强方法。首先，通过反编译工具对应用程序进行预处理，提取应用程序接口（API）调用特征，将其映射为二值特征向量。其次，引入沃瑟斯坦生成对抗网络，构建良性样本库，为恶意样本躲避检测器提供更加丰富的扰动组合。再次，提出了一种基于对数回溯法的扰动删减算法。将良性样本库中的样本以扰动的形式添加到恶意代码中，对添加的扰动进行二分删减，以较少的查询次数减少扰动的数量。最后，将恶意代码对抗样本标记为恶意并对检测器进行重训练，提高检测器的准确性和稳健性。实验结果表明，生成的恶意代码对抗样本可以躲避目标检测器的检测。此外，对抗训练提升了目标检测器的准确率和稳健性。

关键词: 对抗训练, 检测增强, 生成对抗网络, 扰动删减

Abstract:

To solve the deficiency of the malicious code detector’s ability to detect adversarial input, an adversarial training driven malicious code detection enhancement method was proposed.Firstly, the applications were preprocessed by a decompiler tool to extract API call features and map them into binary feature vectors.Secondly, the Wasserstein generative adversarial network was introduced to build a benign sample library to provide a richer combination of perturbations for malicious sample evasion detectors.Then, a perturbation reduction algorithm based on logarithmic backtracking was proposed.The benign samples were added to the malicious code in the form of perturbations, and the added benign perturbations were culled dichotomously to reduce the number of perturbations with fewer queries.Finally, the adversarial malicious code samples were marked as malicious and the detector was retrained to improve its accuracy and robustness of the detector.The experimental results show that the generated malicious code adversarial samples can evade the detector well.Additionally, the adversarial training increases the target detector’s accuracy and robustness.

Key words: adversarial training, detection enhancement, generative adversarial network, perturbation reduction

中图分类号:

TN92

刘延华, 李嘉琪, 欧振贵, 高晓玲, 刘西蒙, MENG Weizhi, 刘宝旭. 对抗训练驱动的恶意代码检测增强方法[J]. 通信学报, 2022, 43(9): 169-180.

Yanhua LIU, Jiaqi LI, Zhengui OU, Xiaoling GAO, Ximeng LIU, Weizhi MENG, Baoxu LIU. Adversarial training driven malicious code detection enhancement method[J]. Journal on Communications, 2022, 43(9): 169-180.

图/表 19

图1

表1

图2

图3

图4

表2

图5

图6

图7

图8

图9

图10

图11

图12

图13

表3

表4

表5

表6

参考文献 22

[1]	胡建伟, 车欣, 周漫 ,等．基于高斯混合模型的增量聚类方法识别恶意软件家族［J］．通信学报, 2019,40(6): 148-159．
	HU J W , CHE X , ZHOU M ,et al． Incremental clustering method based on Gaussian mixture model to identify malware family［J］． Journal on Communications, 2019,40(6): 148-159．
[2]	WANG S S , CHEN Z X , YAN Q B ,et al． Deep and broad URL feature mining for android malware detection［J］． Information Sciences, 2020,513: 600-613．
[3]	ONWUZURIKE L , MARICONTI E , ANDRIOTIS P ,et al． MaMaDroid:detecting android malware by building Markov chains of behavioral models［J］． ACM Transactions on Privacy and Security, 2019,22(2): 1-34．
[4]	刘奇旭, 王君楠, 尹捷 ,等．对抗机器学习在网络入侵检测领域的应用［J］．通信学报, 2021,42(11): 1-12．
	LIU Q X , WANG J N , YIN J ,et al． Application of adversarial machine learning in network intrusion detection［J］． Journal on Communications, 2021,42(11): 1-12．
[5]	李盼, 赵文涛, 刘强 ,等．机器学习安全性问题及其防御技术研究综述［J］．计算机科学与探索, 2018,12(2): 171-184．
	LI P , ZHAO W T , LIU Q ,et al． Security issues and their countermeasuring techniques of machine learning:a survey［J］． Journal of Frontiers of Computer Science and Technology, 2018,12(2): 171-184．
[6]	DEMETRIO L , COULL S E , BIGGIO B ,et al． Adversarial EXEmples:a survey and experimental evaluation of practical attacks on machine learning for windows malware detection［J］． ACM Transactions on Privacy and Security, 2021,24(4): 1-31．
[7]	LI D Q , LI Q M , YE Y F ,et al． Arms race in adversarial malware detection:a survey［J］． ACM Computing Surveys, 2021,55(1): 1-35．
[8]	MIRZAEIAN A , KOSECKA J , HOMAYOUN H ,et al． Diverse knowledge distillation (DKD):a solution for improving the robustness of ensemble models against adversarial attacks［C］// Proceedings of 2021 22nd International Symposium on Quality Electronic Design． Piscataway:IEEE Press, 2021: 319-324．
[9]	KWON H , LEE J ． Diversity adversarial training against adversarial attack on deep neural networks［J］． Symmetry, 2021,13(3): 428．
[10]	WANG D R , LI C R , WEN S ,et al． Defending against adversarial attack towards deep neural networks via collaborative multi-task training［J］． IEEE Transactions on Dependable and Secure Computing, 2022,19(2): 953-965．
[11]	LI D Q , LI Q M ． Adversarial deep ensemble:evasion attacks and defenses for malware detection［J］． IEEE Transactions on Information Forensics and Security, 2020,15: 3886-3900．
[12]	WANG J N , LIU Q X , LIU C G ,et al． GAN-based adversarial patch for malware C2 traffic to bypass DL detector［C］// Information and Communications Security． Berlin:Springer, 2021: 78-96．
[13]	WANG C Y , ZHANG L L , ZHAO K ,et al． AdvAndMal:adversarial training for android malware detection and family classification［J］． Symmetry, 2021,13(6): 1081．
[14]	GOODFELLOW I , POUGET-ABADIE J , MIRZA M ,et al． Generative adversarial networks［J］． Communications of the ACM, 2020,63(11): 139-144．
[15]	KIM J Y , BU S J , CHO S B ． Malware detection using deep transferred generative adversarial networks［C］// Neural Information Processing． Berlin:Springer, 2017: 556-564．
[16]	KIM J Y , BU S J , CHO S B ． Zero-day malware detection using transferred generative adversarial networks based on deep autoencoders［J］． Information Sciences, 2018,460/461: 83-102．
[17]	LIU Y H , LI J Q , LIU B X ,et al． Malware detection method based on image analysis and generative adversarial networks［J］． Concurrency and Computation:Practice and Experience,2022:doi．org/10．1002/cpe.7170．
[18]	SUCIU O , COULL S E , JOHNS J ． Exploring adversarial examples in malware detection［C］// Proceedings of 2019 IEEE Security and Privacy Workshops． Piscataway:IEEE Press, 2019: 8-14．
[19]	HU W W , TAN Y ． Generating adversarial malware examples for black-box attacks based on GAN［J］． arXiv Preprint,arXiv:1702．05983, 2017．
[20]	王万良, 李卓蓉．生成式对抗网络研究进展［J］．通信学报, 2018,39(2): 135-148．
	WANG W L , LI Z R ． Advances in generative adversarial network［J］． Journal on Communications, 2018,39(2): 135-148．
[21]	唐川, 张义, 杨岳湘 ,等． DroidGAN:基于DCGAN的Android对抗样本生成框架［J］．通信学报, 2018,39(S1): 64-69．
	TANG C , ZHANG Y , YANG Y X ,et al． DroidGAN:Android adversarial sample generation framework based on DCGAN［J］． Journal on Communications, 2018,39(S1): 64-69．
[22]	ARJOVSKY M , CHINTALA S , BOTTOU L ． Wasserstein generative adversarial networks［C］// Proceedings of the 34th International Conference on Machine Learning．［S．l．］: JMLR.org, 2017: 214-223．

样本名称	描述
良性样本	基于WGAN模型生成的被恶意代码检测器判断为良性的样本
扰动样本	将良性样本的 API 特征以扰动的形式添加到恶意代码样本中，生成扰动样本
对抗样本	对扰动样本进行筛选，针对可以成功绕过恶意代码检测器的样本执行扰动删减算法，得到具有绕过恶意代码检测器检测的能力和较低攻击成本的对抗样本

参数名	参数值	描述
epoch	20 000	训练次数
optimizer	RMSProp	优化器
α	0.000 05	学习率
m	64	批次大小
c	0.01	判别器的权值剪裁阈值
ncritic	5	每轮训练中判别迭代次数

检测器	RF	LR	DT	SVM	MLP
D	99.93%	99.96%	99.93%	99.65%	99.82%
D_AT	100.00%	99.84%	100.00%	99.76%	99.94%

检测器	DT	MLP	LR
D	96.90%	96.97%	94.34%
D_AT	99.75%	98.33%	94.99%

攻击模型	RF	LR	DT	SVM	MLP
AE₁	99.60%	87.97%	99.97%	91.38%	94.68%
AE₂	14.40%	32.54%	89.23%	9.18%	29.78%

对抗训练驱动的恶意代码检测增强方法

Adversarial training driven malicious code detection enhancement method

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 19

参考文献 22

相关文章 15

Metrics

推荐阅读 0

攻击模型	DT	MLP	LR
AE₁	87.11%	64.80%	71.09%
AE₂	65.96%	17.56%	23.79%

[1]	张佳乐, 朱诚诚, 孙小兵, 陈兵. 基于GAN的联邦学习成员推理攻击与防御方法[J]. 通信学报, 2023, 44(5): 193-205.
[2]	苏新, 张桂福, 行鸿彦, Zenghui Wang. 基于平衡生成对抗网络的海洋气象传感网入侵检测研究[J]. 通信学报, 2023, 44(4): 124-136.
[3]	王延文, 雷为民, 张伟, 孟欢, 陈新怡, 叶文慧, 景庆阳. 基于生成模型的视频图像重建方法综述[J]. 通信学报, 2022, 43(9): 194-208.
[4]	李昂, 陈建新, 魏昕, 周亮. 面向6G的跨模态信号重建技术[J]. 通信学报, 2022, 43(6): 28-40.
[5]	段雪源, 付钰, 王坤. 基于VAE-WGAN的多维时间序列异常检测方法[J]. 通信学报, 2022, 43(3): 1-13.
[6]	向夏雨, 王佳慧, 王子睿, 段少明, 潘鹤中, 庄荣飞, 韩培义, 刘川意. 基于生成对抗网络技术的医疗仿真数据生成方法[J]. 通信学报, 2022, 43(3): 211-224.
[7]	陆彦辉, 柳寒, 李航, 朱光旭. 基于多鉴别器生成对抗网络的时间序列生成模型[J]. 通信学报, 2022, 43(10): 167-176.
[8]	刘威, 陈成, 江锐, 卢涛. 四通道无监督学习图像去雾网络[J]. 通信学报, 2022, 43(10): 210-222.
[9]	周志立, 王美民, 杨高波, 朱剑宇, 孙星明. 基于轮廓自动生成的构造式图像隐写方法[J]. 通信学报, 2021, 42(9): 144-154.
[10]	邹福泰, 谭越, 王林, 蒋永康. 基于生成对抗网络的僵尸网络检测[J]. 通信学报, 2021, 42(7): 95-106.
[11]	王洪雁, 杨晓, 姜艳超, 汪祖民. 基于多通道GAN的图像去噪算法[J]. 通信学报, 2021, 42(3): 229-237.
[12]	何遵文, 侯帅, 张万成, 张焱. 通信特定辐射源识别的多特征融合分类方法[J]. 通信学报, 2021, 42(2): 103-112.
[13]	朱晓荣,张佩佩. 基于GAN的异构无线网络故障检测与诊断算法[J]. 通信学报, 2020, 41(8): 110-119.
[14]	李琳辉,周彬,连静,周雅夫. 基于社会注意力机制的行人轨迹预测方法研究[J]. 通信学报, 2020, 41(6): 175-183.
[15]	李洪均,李超波,张士兵. 噪声稳健性的卡方生成对抗网络[J]. 通信学报, 2020, 41(3): 33-44.