Malware Makeover: Breaking ML-based Static Analysis by Modifying Executable Bytes
Abstract
Motivated by the transformative impact of deep neural networks (DNNs) in various domains, researchers and anti-virus vendors have proposed DNNs for malware detection from raw bytes that do not require manual feature engineering. In this work, we propose an attack that interweaves binary-diversification techniques and optimization frameworks to mislead such DNNs while preserving the functionality of binaries. Unlike prior attacks, ours manipulates instructions that are a functional part of the binary, which makes it particularly challenging to defend against. We evaluated our attack against three DNNs in white- and black-box settings, and found that it often achieved success rates near 100%. Moreover, we found that our attack can fool some commercial anti-viruses, in certain cases with a success rate of 85%. We explored several defenses, both new and old, and identified some that can foil over 80% of our evasion attempts. However, these defenses may still be susceptible to evasion by attacks, and so we advocate for augmenting malware-detection systems with methods that do not rely on machine learning.
Cite
@article{arxiv.1912.09064,
title = {Malware Makeover: Breaking ML-based Static Analysis by Modifying Executable Bytes},
author = {Keane Lucas and Mahmood Sharif and Lujo Bauer and Michael K. Reiter and Saurabh Shintre},
journal= {arXiv preprint arXiv:1912.09064},
year = {2021}
}
Comments
Code for transformations at https://github.com/pwwl/enhanced-binary-diversification. Presentation at https://dl.acm.org/doi/10.1145/3433210.3453086. An author of a related work [32] contacted us regarding our characterization of their defense (Sec 2.2). They point out that our attack is not within the stated scope of their defense, but agree their defense would be ineffective against our attack