Poster: Evading Web Malware Classifiers using Genetic Programming

Author

  • Anant Kharkar
Abstract

Malware classifiers based on machine learning models have become increasingly popular. These classifiers use a combination of structural and dynamic features to detect malware in various domains, including PDF, binaries, and web pages. We propose to use genetic programming techniques to automatically generate variants of malicious web pages that evade state-of-the-art classifiers. Our method builds on the approach Xu et al. (NDSS 2016) developed for successfully evading PDF classifiers. Adapting this method to web page classifiers poses additional challenges because of the dynamic and hybrid strategies used by those classifiers and the complex structure of web pages.

Similar resources

Poster: Automatically Evading Classifiers A Case Study on Structural Feature-based PDF Malware Classifiers

Machine learning methods are widely used in security tasks. However, the robustness of these models against motivated adversaries is unclear. In this work, we propose a generic method that simulates evasion attempts to evaluate the robustness of classifiers under attack. We report results from experiments automatically generating malware variants to evade classifiers, from which we have observe...

Automatically Evading Classifiers: A Case Study on PDF Malware Classifiers

Machine learning is widely used to develop classifiers for security tasks. However, the robustness of these methods against motivated adversaries is uncertain. In this work, we propose a generic method to evaluate the robustness of classifiers under attack. The key idea is to stochastically manipulate a malicious sample to find a variant that preserves the malicious behavior but is classified a...

Eliminate Evading Analysis Tricks in Malware using Dynamic Slicing

In order to stay alive for a long time, modern malware often makes anti-emulation checks after launch to evade dynamic analysis. Malware authors gain fingerprint information about the target environment through several APIs to detect whether their creations are running in a monitored state or not. If an emulated analysis environment is detected, the malware will change its running to avoid malicious behavio...

Feature-based Malicious URL and Attack Type Detection Using Multi-class Classification

Nowadays, malicious URLs are a common threat to businesses, social networks, net-banking, etc. Existing approaches have focused on binary detection, i.e. whether the URL is malicious or benign. Very little literature is found which focuses on the detection of malicious URLs and their attack types. Hence, it becomes necessary to know the attack type and adopt an effective countermeasure. This pa...

Metamorphic Code from LLVM IR Bytecode

Metamorphic software changes its internal structure across generations with its functionality remaining unchanged. Metamorphism has been employed by malware writers as a means of evading signature detection and other advanced detection strategies. However, code morphing also has potential security benefits, since it can serve to increase the “genetic diversity” of software. We have created a me...

Publication date: 2016