TUM Logo

MANIS: Evading Malware Detection System on Graph Structure

Adversarial machine learning has attracted attention because it makes classifiers vulnerable to attacks. Meanwhile, machine learn- ing on graph-structured data makes great achievements in many fields like social networks, recommendation systems, molecular structure prediction, and malware detection. Unfortunately, al- though the malware graph structure enables effective detection of malicious code and activity, it is still vulnerable to adversarial data manipulation. However, adversarial example crafting for machine learning systems that utilize the graph structure, especially taking the entire graph as an input, is very little noticed. In this paper, we advance the field of adversarial machine learning by designing an approach to evade machine learning-based classification systems, which takes the whole graph structure as input through adversar- ial example crafting. We derive such an attack and demonstrate it by constructing MANIS, a system that can evade graph-based malware detection with two attacking approaches: the n-strongest nodes and the gradient sign method. We evaluate our adversarial crafting techniques utilizing the Drebin malicious dataset. Under the white-box attack, we get a 72.2% misclassification rate only by injecting 22.7% nodes with the n-strongest node. For the gradient sign method, we obtain a 33.4% misclassification rate with 36.34% node injection. Under the gray-box attack, the performance of our adversarial examples is evenly significant, although attackers may not have the complete knowledge of the classifiers’ mechanisms

MANIS: Evading Malware Detection System on Graph Structure

Authors: Peng Xu, Bojan Kolosnjaji, Claudia Eckert, and Apostolis Zarras
Year/month: 2019/3
Booktitle: The 35th ACM/SIGAPP Symposium On Applied Computing
Fulltext: paper.pdf

Abstract

Adversarial machine learning has attracted attention because it makes classifiers vulnerable to attacks. Meanwhile, machine learn- ing on graph-structured data makes great achievements in many fields like social networks, recommendation systems, molecular structure prediction, and malware detection. Unfortunately, al- though the malware graph structure enables effective detection of malicious code and activity, it is still vulnerable to adversarial data manipulation. However, adversarial example crafting for machine learning systems that utilize the graph structure, especially taking the entire graph as an input, is very little noticed. In this paper, we advance the field of adversarial machine learning by designing an approach to evade machine learning-based classification systems, which takes the whole graph structure as input through adversar- ial example crafting. We derive such an attack and demonstrate it by constructing MANIS, a system that can evade graph-based malware detection with two attacking approaches: the n-strongest nodes and the gradient sign method. We evaluate our adversarial crafting techniques utilizing the Drebin malicious dataset. Under the white-box attack, we get a 72.2% misclassification rate only by injecting 22.7% nodes with the n-strongest node. For the gradient sign method, we obtain a 33.4% misclassification rate with 36.34% node injection. Under the gray-box attack, the performance of our adversarial examples is evenly significant, although attackers may not have the complete knowledge of the classifiers’ mechanisms

Bibtex:

@conference {
author = { Peng Xu and Bojan Kolosnjaji and Claudia Eckert and Apostolis Zarras },
title = { MANIS: Evading Malware Detection System on Graph Structure },
year = { 2019 },
month = { March },
booktitle = { The 35th ACM/SIGAPP Symposium On Applied Computing },
url = {https://www.sec.in.tum.de/i20/publications/manis-evading-malware-detection-system-on-graph-structure/@@download/file/paper.pdf}
}