TY - GEN
T1 - From Blue-Sky to Practical Adversarial Learning
AU - Khormali, Aminollah
AU - Abusnaina, Ahmed
AU - Chen, Songqing
AU - Nyang, Dae Hun
AU - Mohaisen, David
N1 - Funding Information:
This work was supported in part by CyberFlorida Collaborative Seed Award (2020), NSF CNS-2007153, and the National Research Foundation of South Korea under grant NRF-2016K1A1A2912757.
Publisher Copyright:
© 2020 IEEE.
PY - 2020/10
Y1 - 2020/10
N2 - The state-of-the-art of adversarial machine learning on malware detection systems generally yields unexecutable samples. In this work, we make the case for understanding the robustness of visualization-based malware detection systems against adversarial examples (AEs) that not only are able to fool models, but also maintain the executability of the original input. To motivate our vision, we first investigate the application of existing off-the-shelf adversarial attack approaches on malware detection systems, through which we found that those approaches do not necessarily maintain the functionality of the original inputs. Then, we discuss an approach for achieving a high misclassification rate and maintaining the executability and functionality of the original input. We use visualization-based malware detection as an example to highlight the gap between blue-sky research that focuses on aspects of the learning process, and call for more practical techniques that respect the semantics of the underlying applications.
AB - The state-of-the-art of adversarial machine learning on malware detection systems generally yields unexecutable samples. In this work, we make the case for understanding the robustness of visualization-based malware detection systems against adversarial examples (AEs) that not only are able to fool models, but also maintain the executability of the original input. To motivate our vision, we first investigate the application of existing off-the-shelf adversarial attack approaches on malware detection systems, through which we found that those approaches do not necessarily maintain the functionality of the original inputs. Then, we discuss an approach for achieving a high misclassification rate and maintaining the executability and functionality of the original input. We use visualization-based malware detection as an example to highlight the gap between blue-sky research that focuses on aspects of the learning process, and call for more practical techniques that respect the semantics of the underlying applications.
KW - Adversarial Examples
KW - Deep Learning
KW - Malware Detection
KW - Visualization
UR - http://www.scopus.com/inward/record.url?scp=85100427150&partnerID=8YFLogxK
U2 - 10.1109/TPS-ISA50397.2020.00025
DO - 10.1109/TPS-ISA50397.2020.00025
M3 - Conference contribution
AN - SCOPUS:85100427150
T3 - Proceedings - 2020 2nd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2020
SP - 118
EP - 127
BT - Proceedings - 2020 2nd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2020
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2nd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2020
Y2 - 1 December 2020 through 3 December 2020
ER -