Since the threat of malicious software (malware) has become increasingly serious, automatic malware detection techniques have received increasing attention, where machine learning (ML)-based visualization detection methods become more and more popular. In this paper, we demonstrate that the state-of-the-art ML-based visualization detection methods are vulnerable to Adversarial Example (AE) attacks. We develop a novel Adversarial Texture Malware Perturbation Attack (ATMPA) method based on the gradient descent and L-norm optimization method, where attackers can introduce some tiny perturbations on the transformed dataset such that ML-based malware detection methods will completely fail. The experimental results on the MS BIG malware dataset show that a small interference can reduce the accuracy rate down to 0% for several ML-based detection methods, and the rate of transferability is 74.1% on average.
@article{arxiv.1808.01546,
title = {ATMPA: Attacking Machine Learning-based Malware Visualization Detection Methods via Adversarial Examples},
author = {Xinbo Liu and Jiliang Zhang and Yaping Lin and He Li},
journal= {arXiv preprint arXiv:1808.01546},
year = {2020}
}