Soteria: Detecting adversarial examples in control flow graph-based malware classifiers

Hisham Alasmary, Ahmed Abusnaina, Rhongho Jang, Mohammed Abuhamad, Afsah Anwar, Dae Hun Nyang, David Mohaisen

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

32 Scopus citations

Abstract

Deep learning algorithms have been widely used for security applications, including malware detection and classification. Recent results have shown that those algorithms are vulnerable to adversarial examples, whereby a small perturbation in the input sample may result in misclassification. In this paper, we systematically tackle the problem of adversarial example detection in control flow graph (CFG)-based classifiers for malware detection using Soteria. Unique to Soteria, we use both density-based and level-based labels for CFG labeling to yield a consistent representation, a random walk-based traversal approach for feature extraction, and an n-gram-based module for feature representation. End-to-end, Soteria’s representation ensures a simple yet powerful randomization property of the used classification features, making it difficult even for a powerful adversary to launch a successful attack. Soteria also employs a deep learning approach, consisting of an auto-encoder for detecting adversarial examples, and a CNN architecture for detecting and classifying malware samples. We evaluate the performance of Soteria using a large dataset consisting of 16,814 IoT samples, and demonstrate its superiority in comparison with state-of-the-art approaches. In particular, Soteria yields an accuracy rate of 97.79% for detecting adversarial examples (AEs), and 99.91% overall accuracy for classifying malware families.

Original language: English
Title of host publication: Proceedings - 2020 IEEE 40th International Conference on Distributed Computing Systems, ICDCS 2020
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 888-898
Number of pages: 11
ISBN (Electronic): 9781728170022
State: Published - Nov 2020
Event: 40th IEEE International Conference on Distributed Computing Systems, ICDCS 2020 - Singapore, Singapore
Duration: 29 Nov 2020 → 1 Dec 2020

Publication series

Name: Proceedings - International Conference on Distributed Computing Systems
Volume: 2020-November

Conference

Conference: 40th IEEE International Conference on Distributed Computing Systems, ICDCS 2020
Country/Territory: Singapore
City: Singapore
Period: 29/11/20 → 1/12/20

Bibliographical note

Publisher Copyright:
© 2020 IEEE.

Keywords

  • Adversarial Machine Learning
  • Deep Learning
  • Internet of Things
  • Malware Detection
