Proj THUDBFuzz Paper Reading: Intelligent Malware Defenses

Abstract

本文内容：
总结了malware detection, malware analysis, adversarial malware, and malware author attribution, ml + machine learning相关研究

1. Intro

1. 值得注意的是，机器学习对攻击者也很有用：由于威胁环境的内在对抗性，机器学习不仅被用于构建智能防御，还被用于开发逃避检测的智能攻击。仅在过去⼗年中，这种竞赛就产⽣了 20,000 多篇研究⽂章。

2. Malware Characterization

2.1 Platform-Specific Malware and Defenses

2.2 Feature Sources

静态特征

常来自好、坏软件的学习对比

1. PE header
2. manifest
3. Dalvik bytecode
4. OpCodes
5. function API calls
6. permissions, amount and types
7. control flow graphs & data flow graphs

动态特征

1. system API calls
2. memory access patterns
3. running processes

网络特征

环境特点：can remotely, lower overhead, system-related, noisy ground truth, non-stationary data distribution

1. traffic connections
2. http header fields

2.3 Feature Engineering Modes

DBN, 分类器，Echo State Network, interpretable deep learning model

2.4 Feature Representation

统计、图形、图像和序列

3 Malware Detection

签名、行为
基于检测or基于分析

3.1 Statistical Approaches

K-Nearest Neighbors (KNN）， Support Vector Machine (SVM)， Bayesian classification，Polynomial Kernel classifiers，随机森林，histograms， K-Means， Self Organizing Feature Maps (SOMs)，Deep Belief Networks，Ensemble Learning，Rotation forests,

3.2 Graph-Mining Approaches

文件间关系、信念传播算法、局部敏感hash、 Heterogeneous Information Network (HIN)、 low-dimensional representations、Triggering Relation Graphs、backward- and forward-causality graph

3.3 Image Visualization Approaches

基本方法：代码转化为图像，+ML
前提：（a）恶意软件家族由于代码重用⽽具有相似的图像，以及（b）恶意软件图像与好软件图像显着不同。

3.4 Sequence Learning Approaches

PE表示为n-gram（3-gram最好） + Random Forest
OpCode 序列对专⻔用于军事⽬的的 IoT 恶意软件
在云环境中使用深度学习和动态系统调用序列进行恶意软件分类
将恶意软件的⼆进制代码映射到氨基酸字符，并使用所谓的残基替换矩阵

3.5 Performance Optimizations

Feature Reduction

Hardware-Assisted Detection

Hardware-assisted Malware Detection
HMD 是安装在微处理器上的轻型探测器，可提供第⼀道防线，并减少基于软件的探测器的开销。
Hardware Performance Counters
专用分类器是恶意软件家族特定的分类器，即⼀个分类器针对⼀类恶意软件进行训练。他们使用 LR 是因为它在微处理器上的实现便宜且简单。

3.6 Trends

4 Additional Research Directions

4.1 Malware Analysis

Ucci等，Malware Analysis Economics, studies the trade-off between detection accuracy and the resources required for detection.
该调查提供了用于 Windows PE 恶意软件的研究⽬标、功能和 ML 算法的分类。他们确定了恶意软件分类的热⻔趋势。他们还提出了恶意软件分析经济学的概念，该概念研究了检测准确性和检测所需资源之间的权衡。

Increasing Interpretability

Zhang et al. [139] propose a framework to visualise the causal relationships between network requests to help detect abnormal events. Their user studies reveal that visualising network traffic in this way enhances analysts’ malware detection capabilities.可视化⽹络请求之间的因果关系，以帮助检测异常事件

Mariconti et al. [70] perform causality analysis on user actions that trigger a malware infection. They characterize malware samples by the trigger-actions commonly performed by users. Their method can successfully infer relations between, e.g., information-stealing malware and web pages asking for user credentials.
对触发恶意软件感染的用⼾行为进行因果关系分析。他们通过用⼾通常执行的触发操作来表征恶意软件样本。他们的⽅法可以成功推断信息窃取恶意软件和要求用⼾凭据的⽹⻚之间的关系

Suarez et al. [119] build a dendrogram of malware families showing overlapping code snippets, which helps them to generate evolution-invariant signatures.
构建了⼀个恶意软件家族的树状图，显⽰重叠的代码⽚段，这有助于它们⽣成进化不变的签名。

Smith et al. [115] have pointed towards the semantic gap between the machine
learning and malware analysis communities, making it possible to understand what a malware is doing 将任务从识别恶意软件重新定位到识别行为

Nadeem et al. [81] have proposed the use of behavioral profiles to describe malware samples as opposed to using black-box family names. They develop MalPaCA, a clusteringbased framework that discovers distinct behaviors present in network traffic and uses the cluster membership information to generate a profile for each malware sample.使用行为配置⽂件来描述恶意软件样本，⽽不是使用⿊盒家族名称. MalPaCA，这是⼀个基于集群的框架，可以发现⽹络流量中存在的不同行为，并使用集群成员信息为每个恶意软件样本⽣成配置⽂件。

Collecting Traces

建⽴⼀个众包系统从⽆限数量的真实智能⼿机用⼾那里收集系统跟踪，解决了恶意软件数据集的不可用性问题

引⼊联盟区块链框架来解决这个问题。区块链被用作恶意软件特征特征的数据库。他们的分类器使用区块链进行恶意软件家族识别

Sandboxing

Wang et al. [126] propose a fuzzing-based approach to forcefully trigger malware’s hidden behaviors.
提出了⼀种基于模糊测试的⽅法来强制触发恶意软件的隐藏行为

Yerima et al. [133] have recently proposed a machine learning based malware analysis framework. They learn a state machine of each Android application using code’s static analysis. They use insights from the state machine to guide the so-called stateful event generation. They also compare with an existing approach based on random event-generation and show that the guided behavior-triggering approach results in better data collection.
他们使用代码的静态分析来学习每个 Android 应用程序的状态机。他们使用来⾃状态机的洞察力来指导所谓的有状态事件⽣成。

Yokoyama et al. [135] show that it is possible for attackers to use straightforward machine learning algorithms to differentiate between a sandbox and a live system based on leaking characteristics of Windows-based sandboxes
攻击者可以使用简单的机器学习算法根据基于 Windows 的沙箱的泄漏特征来区分沙箱和实时系统

Miramirkhani et al. [74] propose sandbox evasion techniques based on the natural ‘wear and tear’ of a real system compared to that of a sandbox. They exploit the past usage of a system to determine its age and degree of use. They show that a simple decision tree classifier can differentiate between a sandbox and a real system with a very high accuracy
他们利用系统过去的使用情况来确定其使用年限和使用程度。他们表明，⼀个简单的决策树分类器可以⾮常准确地区分沙盒和真实

Trend

LIME[98]和 SHAP [69]提供了最强⼤和最稳定的解释?
机器学习尚未应用于恶意软件谱系某个恶意软件家族在结构、行为及其⽬标⽅⾯如何随时间演变？

4.2 Adversarial Malware

Offensive Security

对抗性样本的两个关键
(a) the perturbations are performed in the continuous domain, while malware binaries exist in the discrete domain;
(b) the frameworks often create perturbations that break functionality of the executable

a reinforcement learning-based method to guide the search for functionality preserving perturbations.

Grosse et al. [38] propose a method for crafting adversarial examples that operates in the discrete domain and preserves functionality. They craft adversarial Android malware by adding constraints to the perturbations—they only allow changes in the manifest file that adds a single line of code to the application. They use the adversarial examples on Drebin [12] and report a misclassification (evasion) rate of 69%.
向扰动添加约束来制作对抗性 Android 恶意软件。他们只允许在Manifest中进行更改，从⽽将单行代码添加到应用程序，报告错误分类（逃避）率为 69%

a local substitute (surrogate) model of the victim RNN that propagates the gradients to a generative RNN that produces sequential adversarial examples

saddle-point optimization problem

perturbing the Dalvik byte code to craft adversarial Android malware

GRAMS, which is a greedy approach that randomly flips bits to obtain functionality preserving high-quality adversarial examples in the discrete domain

poison behavioral malware clustering
a weak attacker who injects malicious code in the non-logical part of the application, such as manifest file
a strong attacker who injects malicious code in resources, such as jar or jpg
a sophisticated attacker who uses Dynamic Code Loading via Reflection for injecting malicious code at run-time

Defensive Security

Trend

4.3 Malware Author Attribution

use a sequence alignment algorithm to measure similarity among different system call sequences. Then, they extract evasion signatures from the behavioral clusters

Li et al. [62] investigate the resilience of ensemble classifiers and the effectiveness of ensemble attacks.

Chen et al. [24] have developed a self-adaptive learning scheme for detecting poisoning attacks.

5 Challenges in ML-Applied Malware Defenses

1. Robustness Against Time-Decay
   Jordaney et al. [48] and Wang et al. [127] use P-values that can proactively detect concept drift before the classifier’s performance starts to degrade.
2. Robustness Against Evasion
3. Imbalanced Training-Set
4. Evaluation Metrics
   Credibility measures the homogeneity of a given label compared to others of the same class
   Confidence measures the separation between a given label and other classes.
5. Privacy Concerns
6. Performance Optimizations

6 Open Problems in ML-Based Malware Defenses

1. the absence of toy problems and representative datasets
2. malware ground truth is inherently inconsistent and unreliable
3. overlook explainability

7 Summary