Adversarial training driven malicious code detection enhancement method
To solve the deficiency of the malicious code detector’s ability to detect adversarial input, an adversarial training driven malicious code detection enhancement method was proposed.Firstly, the applications were preprocessed by a decompiler tool to extract API call features and map them into binary...
Saved in:
| Main Authors: | , , , , , , |
|---|---|
| Format: | Article |
| Language: | zho |
| Published: |
Editorial Department of Journal on Communications
2022-09-01
|
| Series: | Tongxin xuebao |
| Subjects: | |
| Online Access: | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2022171/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841539996060745728 |
|---|---|
| author | Yanhua LIU Jiaqi LI Zhengui OU Xiaoling GAO Ximeng LIU Weizhi MENG Baoxu LIU |
| author_facet | Yanhua LIU Jiaqi LI Zhengui OU Xiaoling GAO Ximeng LIU Weizhi MENG Baoxu LIU |
| author_sort | Yanhua LIU |
| collection | DOAJ |
| description | To solve the deficiency of the malicious code detector’s ability to detect adversarial input, an adversarial training driven malicious code detection enhancement method was proposed.Firstly, the applications were preprocessed by a decompiler tool to extract API call features and map them into binary feature vectors.Secondly, the Wasserstein generative adversarial network was introduced to build a benign sample library to provide a richer combination of perturbations for malicious sample evasion detectors.Then, a perturbation reduction algorithm based on logarithmic backtracking was proposed.The benign samples were added to the malicious code in the form of perturbations, and the added benign perturbations were culled dichotomously to reduce the number of perturbations with fewer queries.Finally, the adversarial malicious code samples were marked as malicious and the detector was retrained to improve its accuracy and robustness of the detector.The experimental results show that the generated malicious code adversarial samples can evade the detector well.Additionally, the adversarial training increases the target detector’s accuracy and robustness. |
| format | Article |
| id | doaj-art-d49d4661454b47aaacd8e69f719e9257 |
| institution | Kabale University |
| issn | 1000-436X |
| language | zho |
| publishDate | 2022-09-01 |
| publisher | Editorial Department of Journal on Communications |
| record_format | Article |
| series | Tongxin xuebao |
| spelling | doaj-art-d49d4661454b47aaacd8e69f719e92572025-01-14T06:28:50ZzhoEditorial Department of Journal on CommunicationsTongxin xuebao1000-436X2022-09-014316918059391759Adversarial training driven malicious code detection enhancement methodYanhua LIUJiaqi LIZhengui OUXiaoling GAOXimeng LIUWeizhi MENGBaoxu LIUTo solve the deficiency of the malicious code detector’s ability to detect adversarial input, an adversarial training driven malicious code detection enhancement method was proposed.Firstly, the applications were preprocessed by a decompiler tool to extract API call features and map them into binary feature vectors.Secondly, the Wasserstein generative adversarial network was introduced to build a benign sample library to provide a richer combination of perturbations for malicious sample evasion detectors.Then, a perturbation reduction algorithm based on logarithmic backtracking was proposed.The benign samples were added to the malicious code in the form of perturbations, and the added benign perturbations were culled dichotomously to reduce the number of perturbations with fewer queries.Finally, the adversarial malicious code samples were marked as malicious and the detector was retrained to improve its accuracy and robustness of the detector.The experimental results show that the generated malicious code adversarial samples can evade the detector well.Additionally, the adversarial training increases the target detector’s accuracy and robustness.http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2022171/adversarial trainingdetection enhancementgenerative adversarial networkperturbation reduction |
| spellingShingle | Yanhua LIU Jiaqi LI Zhengui OU Xiaoling GAO Ximeng LIU Weizhi MENG Baoxu LIU Adversarial training driven malicious code detection enhancement method Tongxin xuebao adversarial training detection enhancement generative adversarial network perturbation reduction |
| title | Adversarial training driven malicious code detection enhancement method |
| title_full | Adversarial training driven malicious code detection enhancement method |
| title_fullStr | Adversarial training driven malicious code detection enhancement method |
| title_full_unstemmed | Adversarial training driven malicious code detection enhancement method |
| title_short | Adversarial training driven malicious code detection enhancement method |
| title_sort | adversarial training driven malicious code detection enhancement method |
| topic | adversarial training detection enhancement generative adversarial network perturbation reduction |
| url | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2022171/ |
| work_keys_str_mv | AT yanhualiu adversarialtrainingdrivenmaliciouscodedetectionenhancementmethod AT jiaqili adversarialtrainingdrivenmaliciouscodedetectionenhancementmethod AT zhenguiou adversarialtrainingdrivenmaliciouscodedetectionenhancementmethod AT xiaolinggao adversarialtrainingdrivenmaliciouscodedetectionenhancementmethod AT ximengliu adversarialtrainingdrivenmaliciouscodedetectionenhancementmethod AT weizhimeng adversarialtrainingdrivenmaliciouscodedetectionenhancementmethod AT baoxuliu adversarialtrainingdrivenmaliciouscodedetectionenhancementmethod |