Generic black-box end-to-end attack against rnns and other api calls based malware classifiers

Ishai Rosenberg, Asaf Shabtai, Lior Rokach, Yuval Elovici

arXiv preprint arXiv:1707.05970 282, 2017

Deep neural networks (DNNs) are used to solve complex classification problems, for which other machine learning classifiers, such as SVM, fall short. Recurrent neural networks (RNNs) have been used for tasks that involves sequential inputs, such as speech to text. In the cyber security domain, RNNs based on API calls have been used effectively to classify previously un-encountered malware. In this paper, we present a blackbox attack against RNNs, focusing on finding adversarial API call sequences that would be misclassified by a RNN without affecting the malware functionality. We also show that this attack is effective against many classifiers, due-to the transferability principle between RNN variants, feed-forward DNNs and traditional machine learning classifiers such as SVM. Finally, we implemented GADGET, a software framework to convert any malware binary to a binary undetected by an API calls based malware classifier, using the proposed attack, without access to the malware source code. We conclude by discussing possible defense mechanisms and countermeasures against the attack.