MalFuzz: Coverage-guided fuzzing on deep learning-based malware classification model

With the continuous development of deep learning, more and more domains use deep learning technique to solve key problems. The security issues of deep learning models have also received more and more attention. Nowadays, malware has become a huge security threat in cyberspace. Traditional signature-...

Descripción completa

Detalles Bibliográficos
Autores principales: Liu, Yuying, Yang, Pin, Jia, Peng, He, Ziheng, Luo, Hairu
Formato: Online Artículo Texto
Lenguaje:English
Publicado: Public Library of Science 2022
Materias:
Research Article
Acceso en línea:https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9477281/
https://www.ncbi.nlm.nih.gov/pubmed/36107957
http://dx.doi.org/10.1371/journal.pone.0273804
_version_ 1784790323936886784
author Liu, Yuying
Yang, Pin
Jia, Peng
He, Ziheng
Luo, Hairu
author_facet Liu, Yuying
Yang, Pin
Jia, Peng
He, Ziheng
Luo, Hairu
author_sort Liu, Yuying
collection PubMed
description With the continuous development of deep learning, more and more domains use deep learning technique to solve key problems. The security issues of deep learning models have also received more and more attention. Nowadays, malware has become a huge security threat in cyberspace. Traditional signature-based malware detection methods are not adaptable to the current large-scale malware detection. Thus many deep learning-based malware detection models are widely used in real malware detection scenarios. Therefore, we need to secure the deep learning-based malware detection models. However, model testing currently focuses on image and natural language processing models. There is no related work to test deep learning-based malware detection models specifically. Therefore, to fill this gap, we propose MalFuzz. MalFuzz uses the idea of coverage-guided fuzzing to test deep learning-based malware detection models. To solve the model state representation problem, MalFuzz uses the first and last layer neuron values to approximately represent the model state. To solve the new coverage calculation problem, MalFuzz uses the fast approximate nearest neighbor algorithm to compute the new coverage. The mutation strategy and seed selection strategy in image model or natural language processing model testing is not appropriate in deep learning-based malware detection model testing. Hence MalFuzz designs the seed selection strategy and seed mutation strategy for malware detection model testing. We performed extensive experiments to demonstrate the effectiveness of MalFuzz. Based on MalConv, Convnet, and CNN 2-d, we compared the modified TensorFuzz and MAB-malware with MalFuzz. Experiment results show that MalFuzz can detect more model classification errors. Likewise, the mutation operation of MalFuzz can retain the original functionality of malware with high probability. Moreover, the seed selection strategy of MalFuzz can help us explore the model state space quickly.
format Online
Article
Text
id pubmed-9477281
institution National Center for Biotechnology Information
language English
publishDate 2022
publisher Public Library of Science
record_format MEDLINE/PubMed
spelling pubmed-94772812022-09-16 MalFuzz: Coverage-guided fuzzing on deep learning-based malware classification model Liu, Yuying Yang, Pin Jia, Peng He, Ziheng Luo, Hairu PLoS One Research Article With the continuous development of deep learning, more and more domains use deep learning technique to solve key problems. The security issues of deep learning models have also received more and more attention. Nowadays, malware has become a huge security threat in cyberspace. Traditional signature-based malware detection methods are not adaptable to the current large-scale malware detection. Thus many deep learning-based malware detection models are widely used in real malware detection scenarios. Therefore, we need to secure the deep learning-based malware detection models. However, model testing currently focuses on image and natural language processing models. There is no related work to test deep learning-based malware detection models specifically. Therefore, to fill this gap, we propose MalFuzz. MalFuzz uses the idea of coverage-guided fuzzing to test deep learning-based malware detection models. To solve the model state representation problem, MalFuzz uses the first and last layer neuron values to approximately represent the model state. To solve the new coverage calculation problem, MalFuzz uses the fast approximate nearest neighbor algorithm to compute the new coverage. The mutation strategy and seed selection strategy in image model or natural language processing model testing is not appropriate in deep learning-based malware detection model testing. Hence MalFuzz designs the seed selection strategy and seed mutation strategy for malware detection model testing. We performed extensive experiments to demonstrate the effectiveness of MalFuzz. Based on MalConv, Convnet, and CNN 2-d, we compared the modified TensorFuzz and MAB-malware with MalFuzz. Experiment results show that MalFuzz can detect more model classification errors. Likewise, the mutation operation of MalFuzz can retain the original functionality of malware with high probability. Moreover, the seed selection strategy of MalFuzz can help us explore the model state space quickly. Public Library of Science 2022-09-15 /pmc/articles/PMC9477281/ /pubmed/36107957 http://dx.doi.org/10.1371/journal.pone.0273804 Text en © 2022 Liu et al https://creativecommons.org/licenses/by/4.0/This is an open access article distributed under the terms of the Creative Commons Attribution License (https://creativecommons.org/licenses/by/4.0/) , which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.
spellingShingle Research Article
Liu, Yuying
Yang, Pin
Jia, Peng
He, Ziheng
Luo, Hairu
MalFuzz: Coverage-guided fuzzing on deep learning-based malware classification model
title MalFuzz: Coverage-guided fuzzing on deep learning-based malware classification model
title_full MalFuzz: Coverage-guided fuzzing on deep learning-based malware classification model
title_fullStr MalFuzz: Coverage-guided fuzzing on deep learning-based malware classification model
title_full_unstemmed MalFuzz: Coverage-guided fuzzing on deep learning-based malware classification model
title_short MalFuzz: Coverage-guided fuzzing on deep learning-based malware classification model
title_sort malfuzz: coverage-guided fuzzing on deep learning-based malware classification model
topic Research Article
url https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9477281/
https://www.ncbi.nlm.nih.gov/pubmed/36107957
http://dx.doi.org/10.1371/journal.pone.0273804
work_keys_str_mv AT liuyuying malfuzzcoverageguidedfuzzingondeeplearningbasedmalwareclassificationmodel
AT yangpin malfuzzcoverageguidedfuzzingondeeplearningbasedmalwareclassificationmodel
AT jiapeng malfuzzcoverageguidedfuzzingondeeplearningbasedmalwareclassificationmodel
AT heziheng malfuzzcoverageguidedfuzzingondeeplearningbasedmalwareclassificationmodel
AT luohairu malfuzzcoverageguidedfuzzingondeeplearningbasedmalwareclassificationmodel

Ejemplares similares