TY - GEN
T1 - Adversarially Reprogramming Pretrained Neural Networks for Data-limited and Cost-efficient Malware Detection
AU - Chen, Lingwei
AU - Li, Xiaoting
AU - Wu, Dinghao
N1 - Publisher Copyright:
Copyright © 2022 by SIAM.
PY - 2022
Y1 - 2022
N2 - To mitigate evolving malware attacks, machine learning models have been successfully deployed to detect malware. However, these models are often challenged by data scarcity, design efforts and constrained resources. Inspired by the adversarial vulnerability of machine learning, in this paper, we design a novel model Adv4Mal to adversarially reprogram an ImageNet classification neural network for malware detection in both white-box and black-box settings. As such, a small or moderate amount of data are sufficient to train a promising malware detection model, the varying software features can be uniformly processed without extra efforts, and the majority of computation can be wisely shared and reused to save the resources. This, to the best of our knowledge, has not yet been explored. Specifically, Adv4Mal proceeds by embedding software features into a host image to construct new data, and learning a universal perturbation to be added to all inputs in an imperceptible manner, such that the outputs of the pretrained model can be accordingly mapped to the final detection decisions for all software. We evaluate Adv4Mal on three software datasets. The experimental results demonstrate that Adv4Mal can successfully exploit ImageNet model’s learning capability and limited data to achieve high performance in malware detection, and also yield significant advantages of model flexibility to different features, and cost efficiency in computing resources.
AB - To mitigate evolving malware attacks, machine learning models have been successfully deployed to detect malware. However, these models are often challenged by data scarcity, design efforts and constrained resources. Inspired by the adversarial vulnerability of machine learning, in this paper, we design a novel model Adv4Mal to adversarially reprogram an ImageNet classification neural network for malware detection in both white-box and black-box settings. As such, a small or moderate amount of data are sufficient to train a promising malware detection model, the varying software features can be uniformly processed without extra efforts, and the majority of computation can be wisely shared and reused to save the resources. This, to the best of our knowledge, has not yet been explored. Specifically, Adv4Mal proceeds by embedding software features into a host image to construct new data, and learning a universal perturbation to be added to all inputs in an imperceptible manner, such that the outputs of the pretrained model can be accordingly mapped to the final detection decisions for all software. We evaluate Adv4Mal on three software datasets. The experimental results demonstrate that Adv4Mal can successfully exploit ImageNet model’s learning capability and limited data to achieve high performance in malware detection, and also yield significant advantages of model flexibility to different features, and cost efficiency in computing resources.
UR - http://www.scopus.com/inward/record.url?scp=85131332096&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85131332096&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85131332096
T3 - Proceedings of the 2022 SIAM International Conference on Data Mining, SDM 2022
SP - 693
EP - 701
BT - Proceedings of the 2022 SIAM International Conference on Data Mining, SDM 2022
PB - Society for Industrial and Applied Mathematics Publications
T2 - 2022 SIAM International Conference on Data Mining, SDM 2022
Y2 - 28 April 2022 through 30 April 2022
ER -