藏经阁-Bot vs.BOt_Evading Machine.pdf
Uploaded 2023-08-28 20:21:14 (PDF, 3.81 MB, 22 pages)
Bot vs. Bot: Evading Machine Learning Malware Detection
Hyrum Anderson
@drhyrum
/in/hyrumanderson
The Promise of Machine Learning
• Learn from data what constitutes malicious content or behavior
• Discriminatory patterns learned automatically, not obviously constructed by hand
• Generalize to never-before-seen samples and variants…
  • …so long as data used for “training” is representative of deployment conditions
  • motivated adversaries actively trying to invalidate this assumption
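// Hand-written signature: fires on small files that reference the
// Internet Settings registry path more than three times.
rule malware {
    strings:
        $reg = "\\CurrentVersion\\Internet Settings"
    condition:
        filesize < 203KB and #reg > 3
}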
Goal: Can You Break Machine Learning?
• Static machine learning model trained on millions of samples
  • Machine Learning Model: score=0.75 (malicious, moderate confidence)
• Simple structural changes that don’t change behavior
  • Machine Learning Model: score=0.49 (benign, just barely)
  • unpack
  • ‘.text’ -> ‘.foo’ (remains valid entry point)
  • create ‘.text’ and populate with ‘.text from calc.exe’
Adversarial Examples
• Machine learning models have blind spots / hallucinate (modeling error)
• Depending on model and level of access, they can be straightforward to exploit
  • e.g., deep learning is fully differentiable (directly query what perturbation would best bypass model)
• Adversarial examples can generalize across models / model types (Goodfellow 2015)
  • blind spots in MY model may also be blind spots in YOUR model
(scaled for visibility)
image credit: http://www.popsci.com/byzantine-science-deceiving-artificial-intelligence
Taxonomy of Attacks Against ML
An adversary…
• …can get a score
  • black box…
  • …but can arbitrarily probe and get a score
  • score = raw output / confidence before thresholding for good/bad
• …has your model
  • architecture & weights are known
  • a direct attack on your model
  • “easy” for deep learning
  • gradient perturbation
  • dueling models / GAN
• …can get good/bad
  • black box…
  • …but can arbitrarily probe and get a label
  • label = malicious / benign
  • also a viable solution for traditional AV scanners
Examples cited:
• [for Android malware] (Papernot et al. 2016)
• [for DGA detection] (Anderson et al. 2016)
• EvadeML [for PDF malware] (Xu, Qi, Evans, 2016)
• MalGAN [PE: known features] (Hu, Tan, 2017)
Axes: difficulty for adversary to bypass; adversary’s knowledge about your model
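Added example (not from the slides): the taxonomy's black-box adversary who "can arbitrarily probe and get a score" leaves a trail in the scoring service's query log, and this sketch flags chains of near-duplicate uploads from one client whose verdict flips from malicious to benign. The threshold, similarity floor, chain length, client names and feature tokens are assumptions, and the log entries are constructed.

```python
from collections import defaultdict

THRESHOLD = 0.5       # assumed benign/malicious cut-off
MIN_SIMILARITY = 0.5  # assumed Jaccard floor for "same sample, lightly modified"
MIN_CHAIN = 3         # assumed number of related uploads before alerting

# Constructed log: (client, static feature tokens of the upload, score returned)
QUERY_LOG = [
    ("client-a", {"imp:wininet", "imp:advapi32", "sec:.text", "str:reg_inet", "packed"}, 0.75),
    ("client-b", {"imp:user32", "sec:.text", "sec:.rsrc"}, 0.08),
    ("client-a", {"imp:wininet", "imp:advapi32", "sec:.text", "str:reg_inet"}, 0.66),
    ("client-a", {"imp:wininet", "imp:advapi32", "sec:.foo", "str:reg_inet"}, 0.58),
    ("client-b", {"imp:kernel32", "sec:.text", "sec:.data", "str:update"}, 0.91),
    ("client-a", {"imp:wininet", "imp:advapi32", "sec:.foo", "sec:.text", "str:reg_inet"}, 0.49),
]


def jaccard(a, b):
    """Set overlap in [0, 1]; two empty sets count as identical."""
    union = a | b
    return len(a & b) / len(union) if union else 1.0


def find_probing(log):
    """Return {client: [scores]} for near-duplicate upload chains that
    start at or above THRESHOLD and end below it."""
    chains = defaultdict(list)  # client -> current chain of (features, score)
    alerts = {}
    for client, feats, score in log:
        chain = chains[client]
        # An unrelated upload ends the current chain and starts a new one.
        if chain and jaccard(chain[-1][0], feats) < MIN_SIMILARITY:
            chain.clear()
        chain.append((feats, score))
        scores = [s for _, s in chain]
        flipped = max(scores) >= THRESHOLD and score < THRESHOLD
        if len(chain) >= MIN_CHAIN and flipped:
            alerts[client] = scores
    return alerts


if __name__ == "__main__":
    for client, scores in find_probing(QUERY_LOG).items():
        print(f"possible score probing by {client}: {scores}")
```

The same log also shows why the slide ranks label-only access as harder for the adversary: with only good/bad returned, the three intermediate scores above would all read "malicious" and give no direction to follow.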