This repository aims to provide resources for adversarial attacks against Windows PE malware detection and corresponding defenses that attempt to increase the robustness of existing PE malware detection. For the categorization and more details, please refer to our survey paper Adversarial Attacks against Windows PE Malware Detection: A Survey of the State-of-the-Art.
- 1. Survey Papers
- 2. Attack Papers
- Quick links sorted by years: | 2017 & before | 2018 | 2019 | 2020 | 2021 |
- 3. Defense Papers
- 4. Other Papers
- Citation
- Contributing
1. Survey Papers [Back to Top:point_up:]
- A Survey on Practical Adversarial Examples for Malware Classifiers. Daniel Park, Bülent Yener. Reversing and Offensive-Oriented Trends Symposium (ROOTS) 2020. [pdf]
- Arms Race in Adversarial Malware Detection: A Survey. Deqiang Li, Qianmu Li, Yanfang Ye, Shouhuai Xu. ACM Computing Survey 2021. [pdf]
2. Attack Papers [Back to Top:point_up:]
- Evading Machine Learning Malware Detection. Hyrum S. Anderson, Anant Kharkar, Bobby Filar, Phil Roth. Black Hat 2017.
Black-box[pdf] [slide] - Generating Adversarial Malware Examples for Black-Box Attacks Based on GAN. Weiwei Hu, Ying Tan. Arxiv 2017.
Black-box[pdf] [code] - Adversarial Machine Learning in Malware Detection: Arms Race between Evasion Attack and Defense. Lingwei Chen, Yanfang Ye, Thirimachos Bourlai. European Intelligence and Security Informatics Conference 2017.
Black-box[pdf]
- Generic Black-Box End-to-End Attack against State of the Art API Call based Malware Classifiers. Ishai Rosenberg, Asaf Shabtai, Lior Rokach, Yuval Elovici. RAID 2018.
Black-box[pdf] - Learning to Evade Static PE Machine Learning Malware Models via Reinforcement Learning. Hyrum S. Anderson, Anant Kharkar, Bobby Filar, David Evans, Phil Roth. Arxiv 2018.
Black-box[pdf] [code] - Black-Box Attacks against RNN based Malware Detection Algorithms. Weiwei Hu, Ying Tan. AAAI Workshops 2018.
Black-box[pdf] - Enhancing Machine Learning based Malware Detection Model by Reinforcement Learning. Cangshuai Wu, Jiangyong Shi, Yuexiang Yang, Wenhua Li. International Conference on Communication and Network Security 2018.
Black-box[pdf] - Static Malware Detection & Subterfuge: Quantifying the Robustness of Machine Learning and Current Anti-virus. William Fleshman, Edward Raff, Richard Zak, Mark McLean, Charles Nicholas. International Conference on Malicious and Unwanted Software (MALWARE) 2018.
Black-box[pdf] - Adversarial Malware Binaries: Evading Deep Learning for Malware Detection in Executables. Bojan Kolosnjaji, Ambra Demontis, Battista Biggio, Davide Maiorca, Giorgio Giacinto, Claudia Eckert, Fabio Roli. European Signal Processing Conference 2018.
White-box[pdf] - Exploring Adversarial Examples in Malware Detection. Octavian Suciu, Scott E. Coull, Jeffrey Johns. Arxiv 2018.
White-box[pdf] - Deceiving End-to-End Deep Learning Malware Detectors using Adversarial Examples. Felix Kreuk, Assi Barak, Shir Aviv, Moran Baruch, Benny Pinkas, Joseph Keshet. Arxiv 2018.
White-box[pdf] - Adversarial Deep Learning for Robust Detection of Binary Encoded Malware. Abdullah Al-Dujaili, Alex Huang, Erik Hemberg, Una-May O’Reilly. IEEE Security and Privacy
Workshops 2018.
White-box[pdf][code]
- ATMPA: Attacking Machine Learning-based Malware Visualization Detection Methods via Adversarial Examples. Xinbo Liu, Jiliang Zhang, Yaping Lin, He Li. IEEE/ACM IWQoS 2019.
White-box[pdf] - Evading Anti-malware Engines with Deep Reinforcement Learning. Zhiyang Fang, Junfeng Wang, Boya Li, Siqi Wu, Yingjie Zhou, Haiying Huang. IEEE Access 2019.
Black-box[pdf] - ARMED: How Automatic Malware Modifications Can Evade Static Detection?. Raphael Labaca Castro, Corinna Schmitt, Gabi Dreo Rodosek. International Conference on Information Management 2019.
Black-box[pdf] [code] - AIMED: Evolving Malware with Genetic Programming to Evade Detection. Raphael Labaca Castro, Corinna Schmitt, Gabi Dreo Rodosek. IEEE International Conference On Trust, Security And Privacy In Computing And Communications/IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE) 2019.
Black-box[pdf] [code] - Improved MalGAN: Avoiding Malware Detector by Leaning Cleanware Features. Masataka Kawai, Kaoru Ota, Mianxing Dong. International Conference on Artificial Intelligence in Information and Communication 2019.
Black-box[pdf] - Evading API Call Sequence Based Malware Classifiers. FenilFadadu, AnandHanda, NiteshKumar SandeepKumarShukla. The 21st International Conference on Information and Communications Security 2019.
Black-box[pdf] - Shallow Security: on the Creation of Adversarial Variants to Evade Machine Learning-Based Malware Detectors. Fabricio Ceschin, Marcus Botacin, Heitor Murilo Gomes, L. S. Oliveira, A. Grégio. Reversing and Offensive-Oriented Trends Symposium (ROOTS) 2019.
Black-box[pdf] [code] - Malware Makeover: Breaking ML-based Static Analysis by Modifying Executable Bytes. Keane Lucas, Mahmood Sharif, Lujo Bauer, Michael K. Reiter, Saurabh Shintre. Arxiv 2019.
Black-box and White-box[pdf] [code] - Adversarial Examples for CNN-Based Malware Detectors. Bingcai Chen, Zhongru Ren, Chao Yu, Iftikhar Hussain, Jintao Liu. IEEE Access 2019.
Black-box and White-box[pdf] - Explaining Vulnerabilities of Deep Learning to Adversarial Malware Binaries. Luca Demetrio, Battista Biggio, Giovanni Lagorio, Fabio Roli, Alessandro Armando. Arxiv 2019.
White-box[pdf] - COPYCAT: Practical Adversarial Attacks on Visualization-based Malware Detection. Aminollah Khormali, Ahmed Abusnaina, Songqing Chen, DaeHun Nyang, Aziz Mohaisen. Arxiv 2019.
Black-box and White-box[pdf] - Generation & Evaluation of Adversarial Examples for Malware Obfuscation. Daniel Park, Haidar Khan, Bulent Yener. IEEE International Conference On Machine Learning And Applications 2019.
Black-box and White-box[pdf]
- Query-Efficient Black-Box Attack Against Sequence-Based Malware Classifiers. Ishai Rosenberg, Asaf Shabtai, Yuval Elovici, Lior Rokach. ACSAC 2020: Annual Computer Security Applications Conference.
Black-box[pdf] - MalFox: Camouflaged Adversarial Malware Example Generation Based on C-GANs Against Black-Box Detectors. Fangtian Zhong, Xiuzhen Cheng, Dongxiao Yu, Bei Gong, Shuaiwen Song, Jiguo Yu. Arxiv 2020.
Black-box[pdf] - Generating Adversarial Examples for Static PE Malware Detector Based on Deep Reinforcement Learning. Jun Chen, Jingfei Jiang, Rongchun Li, Yong Dou. Journal of Physics: Conference Series 2020.
Black-box[pdf] - Semantic-preserving Reinforcement Learning Attack Against Graph Neural Networks for Malware Detection. Lan Zhang, Peng Liu, Yoon-Ho Choi. Arxiv 2020.
Black-box[pdf] - Black-box Adversarial Attacks Against Deep Learning Based Malware Binaries Detection with GAN. Junkun Yuan, Shaofang Zhou, Lanfen Lin, Feng Wang, Jia Cui. European Conference on Artificial Intelligence 2020.
Black-box[pdf] - MDEA: Malware Detection with Evolutionary Adversarial Learning. Xiruo Wang, Risto Miikkulainen. IEEE Congress on Evolutionary Computation 2020.
Black-box[pdf] - MAB-Malware: A Reinforcement Learning Framework for Attacking Static Malware Classifiers. Wei Song, Xuezixiang Li, Sadia Afroz, Deepali Garg, Dmitry Kuznetsov, Heng Yin. Arxiv 2020.
Black-box[pdf] [code] - DeepDetectNet vs RLAttackNet: An Adversarial Method to Improve Deep Learning based Static Malware Detection Model. Yong Fang, Yuetian Zeng, Beibei LiID, Liang Liu, Lei Zhang. PLoS ONE 2020.
Black-box[pdf] - Generating End-to-End Adversarial Examples for Malware Classifiers Using Explainability. Ishai Rosenberg, Shai Meir, Jonathan Berrebi, Ilay Gordon, Guillaume Sicard, Eli Omid David. International Joint Conference on Neural Networks 2020.
White-box[pdf] - The Robust Malware Detection Challenge and Greedy Random Accelerated Multi-Bit Search. Sicco Verwer, Azqa Nadeem, Christian Hammerschmidt, Laurens Bliek, Abdullah Al-Dujaili, Una-May O'Reilly. ACM Workshop on Artificial Intelligence and Security (AISec) 2020.
White-box[pdf] [code] - An Adversarial Machine Learning Method based on OpCode N-grams Feature in Malware Detection. Xiang Li, Kefan Qiu, Cheng Qian, Gang Zhao. IEEE International Conference on Data Science in Cyberspace 2020.
White-box[pdf]
- An IRL-based Malware Adversarial Generation Method to Evade Anti-malware Engines. Xintong Li, Qi Li. Computers & Security 2021.
White-box[pdf] - Binary Black-Box Attacks against Static Malware Detectors with Reinforcement Learning in Discrete Action Spaces. Mohammadreza Ebrahimi, Jason Pacheco, Weifeng Li, James Lee Hu. IEEE Security and Privacy Workshops 2021.
Black-box[pdf] - Improving Adversarial Attacks against Executable Raw Byte Classifiers. Justin Burr, Shengjie Xu. IEEE INFOCOM Poster 2021.
White-box[pdf] - AIMED-RL: Exploring Adversarial Malware Examples with Reinforcement Learning. Labaca-Castro, Raphael, Sebastian Franz, Gabi Dreo Rodosek. Joint European Conference on Machine Learning and Knowledge Discovery in Databases (ECML-PKDD) 2021.
Black-box[pdf] [code] - Functionality-preserving Black-box Optimization of Adversarial Windows Malware. Luca Demetrio, Battista Biggio, Giovanni Lagorio, Fabio Roli, Alessandro Armando1. IEEE Transactions on Information Forensics and Security 2021.
Black-box[pdf] [code] - Adversarial EXEmples: A Survey and Experimental Evaluation of Practical Attacks on Machine Learning for Windows Malware Detection. Luca Demetrio, Scott E. Coull, Battista Biggio, Giovanni Lagorio, Alessandro Armando, Fabio Roli. ACM Transactions on Privacy and Security 2021.
Black-box and White-box[pdf] [code]
3. Defense Papers [Back to Top:point_up:]
- Against All Odds: Winning the Defense Challenge in an Evasion Competition with Diversification. Erwin Quiring, Lukas Pirch, Michael Reimsbach, Daniel Arp, Konrad Rieck. Arxiv 2020. [pdf]
- Soteria: Detecting Adversarial Examples in Control Flow Graph-based Malware Classifiers. Hisham Alasmary, Ahmed Abusnaina, Rhongho Jang, Mohammed Abuhamad, Afsah Anwar, DaeHun Nyang, David Mohaisen. IEEE International Conference on Distributed Computing Systems (ICDCS) 2020. [pdf]
4. Other Papers [Back to Top:point_up:]
- Deceiving Portable Executable Malware Classifiers into Targeted Misclassification with Practical Adversarial Examples. Yunus Kucuk, Guanhua Yan. ACM Conference on Data and Application Security and Privacy 2020.
source code attack[pdf] - Best-Effort Adversarial Approximation of Black-Box Malware Classifiers. Abdullah Ali, Birhanu Eshete. 16th EAI International Conference on Security and Privacy in Communication Networks 2020.
model steal attack[pdf] - Being Single Has Benefits. Instance Poisoning to Deceive Malware Classifiers. Tzvika Shapira, David Berend, Ishai Rosenberg, Yang Liu, Asaf Shabtai, Yuval Elovici. Arxiv 2020.
poisoning attack[pdf]
Citation [Back to Top:point_up:]
If you find this repository or our survey paper helpful, we would really appreciate it if you could cite our paper below.
@article{ling2021survey,
title={Adversarial Attacks against {Windows PE} Malware Detection: A Survey of the State-of-the-Art},
author={Xiang Ling and Lingfei Wu and Jiangyu Zhang and Zhenqing Qu and Wei Deng and Xiang Chen and Chunming Wu and Shouling Ji and Tianyue Luo and Jingzheng Wu and Yanjun Wu},
journal={arXiv preprint arXiv:2112.12310},
year={2021}
}Contributing [Back to Top:point_up:]
This repository is mainly maintained by Xiang Ling, Jiangyu Zhang and Zhenqing Qu. We are very much welcome contributors for contributing with the following Markdown format:
**Paper Name**. *Author 1, Author 2, ..., and Author N*. Conference/Journal Year. `Categorization Keywords` [[pdf](pdf_link)] [[code](code_link)]
We thank all the contributors to this repository.
Please note that this repository is released with a Contributor Code of Conduct. By participating in this repository you agree to abide by its terms.
