Analysis of attacks on machine learning-based methods for malware detection
Abstract
The increasingly sophisticated tools and methods used by attackers have forced the computer security industry to look for improved security controls. Malicious software is often used as a tool for frequent and costly computer attacks. Therefore, a challenge in the information security industry is to detect malicious software before it can carry out its actions. The traditional approach has been to use signatures that look for known patterns in the binaries, which has proved challenging because malware authors often obfuscate and reorder their binaries to avoid detection. Machine learning has been proposed as an orthogonal detection approach, which learns from previous malicious files to form generalizations about malicious or benign software. These machine learning approaches have also been shown to have their weaknesses, in the form of adversarial examples, which are carefully crafted inputs that make the classifier produce a wrong output. This has been shown to have great consequences for image classifiers, where an attacker could make imperceptible changes to images that produce the wrong result. These attacks are, however, harder to carry out on malware, since the proposed gradient-based approaches will break the interdependencies between bytes, preventing the malware from running. This thesis investigates how feature selection methods can be used to select the most important features, and how an adversary has to change them in order to change the prediction of a machine learning-based PE malware classifier. In the process, we find some sources of bias in datasets and in the methods used to test the accuracy of models. In the dataset used, PE header features and extracted metadata influence the accuracy the most.