TY - GEN
T1 - Soteria
AU - Alasmary, Hisham
AU - Abusnaina, Ahmed
AU - Jang, Rhongho
AU - Abuhamad, Mohammed
AU - Anwar, Afsah
AU - Nyang, Dae Hun
AU - Mohaisen, David
N1 - Publisher Copyright:
© 2020 IEEE.
PY - 2020/11
Y1 - 2020/11
N2 - Deep learning algorithms have been widely used for security applications, including malware detection and classification. Recent results have shown that those algorithms are vulnerable to adversarial examples, whereby a small perturbation in the input sample may result in misclassification. In this paper, we systematically tackle the problem of adversarial examples detection in the control flow graph (CFG) based classifiers for malware detection using Soteria. Unique to Soteria, we use both density-based and level-based labels for CFG labeling to yield a consistent representation, a random walk-based traversal approach for feature extraction, and n-gram based module for feature representation. End-to-end, Soteria’s representation ensures a simple yet powerful randomization property of the used classification features, making it difficult even for a powerful adversary to launch a successful attack. Soteria also employs a deep learning approach, consisting of an auto-encoder for detecting adversarial examples, and a CNN architecture for detecting and classifying malware samples. We evaluate the performance of Soteria, using a large dataset consisting of 16,814 IoT samples, and demonstrate its superiority in comparison with state-of-the-art approaches. In particular, Soteria yields an accuracy rate of 97.79% for detecting AEs, and 99.91% overall accuracy for classification malware families.
AB - Deep learning algorithms have been widely used for security applications, including malware detection and classification. Recent results have shown that those algorithms are vulnerable to adversarial examples, whereby a small perturbation in the input sample may result in misclassification. In this paper, we systematically tackle the problem of adversarial examples detection in the control flow graph (CFG) based classifiers for malware detection using Soteria. Unique to Soteria, we use both density-based and level-based labels for CFG labeling to yield a consistent representation, a random walk-based traversal approach for feature extraction, and n-gram based module for feature representation. End-to-end, Soteria’s representation ensures a simple yet powerful randomization property of the used classification features, making it difficult even for a powerful adversary to launch a successful attack. Soteria also employs a deep learning approach, consisting of an auto-encoder for detecting adversarial examples, and a CNN architecture for detecting and classifying malware samples. We evaluate the performance of Soteria, using a large dataset consisting of 16,814 IoT samples, and demonstrate its superiority in comparison with state-of-the-art approaches. In particular, Soteria yields an accuracy rate of 97.79% for detecting AEs, and 99.91% overall accuracy for classification malware families.
KW - Adversarial Machine Learning
KW - Deep Learning
KW - Internet of Things
KW - Malware Detection
UR - http://www.scopus.com/inward/record.url?scp=85094333207&partnerID=8YFLogxK
U2 - 10.1109/ICDCS47774.2020.00089
DO - 10.1109/ICDCS47774.2020.00089
M3 - Conference contribution
AN - SCOPUS:85094333207
T3 - Proceedings - International Conference on Distributed Computing Systems
SP - 888
EP - 898
BT - Proceedings - 2020 IEEE 40th International Conference on Distributed Computing Systems, ICDCS 2020
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 29 November 2020 through 1 December 2020
ER -