Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Doan, Bao Gia, Nguyen, Dang Quang, Montague, Paul, Abraham, Tamas, De Vel, Olivier, Camtepe, Seyit, Kanhere, Salil S., Abbasnejad, Ehsan, Ranasinghe, Damith C.
Format: Preprint
Veröffentlicht: 2024
Schlagworte:
Online-Zugang:https://arxiv.org/abs/2403.18309
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
_version_ 1866909152411910144
author Doan, Bao Gia
Nguyen, Dang Quang
Montague, Paul
Abraham, Tamas
De Vel, Olivier
Camtepe, Seyit
Kanhere, Salil S.
Abbasnejad, Ehsan
Ranasinghe, Damith C.
author_facet Doan, Bao Gia
Nguyen, Dang Quang
Montague, Paul
Abraham, Tamas
De Vel, Olivier
Camtepe, Seyit
Kanhere, Salil S.
Abbasnejad, Ehsan
Ranasinghe, Damith C.
contents The vulnerability of machine learning-based malware detectors to adversarial attacks has prompted the need for robust solutions. Adversarial training is an effective method but is computationally expensive to scale up to large datasets and comes at the cost of sacrificing model performance for robustness. We hypothesize that adversarial malware exploits the low-confidence regions of models and can be identified using epistemic uncertainty of ML approaches -- epistemic uncertainty in a machine learning-based malware detector is a result of a lack of similar training samples in regions of the problem space. In particular, a Bayesian formulation can capture the model parameters' distribution and quantify epistemic uncertainty without sacrificing model performance. To verify our hypothesis, we consider Bayesian learning approaches with a mutual information-based formulation to quantify uncertainty and detect adversarial malware in Android, Windows domains and PDF malware. We found, quantifying uncertainty through Bayesian learning methods can defend against adversarial malware. In particular, Bayesian models: (1) are generally capable of identifying adversarial malware in both feature and problem space, (2) can detect concept drift by measuring uncertainty, and (3) with a diversity-promoting approach (or better posterior approximations) lead to parameter instances from the posterior to significantly enhance a detectors' ability.
format Preprint
id arxiv_https___arxiv_org_abs_2403_18309
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle Bayesian Learned Models Can Detect Adversarial Malware For Free
Doan, Bao Gia
Nguyen, Dang Quang
Montague, Paul
Abraham, Tamas
De Vel, Olivier
Camtepe, Seyit
Kanhere, Salil S.
Abbasnejad, Ehsan
Ranasinghe, Damith C.
Cryptography and Security
The vulnerability of machine learning-based malware detectors to adversarial attacks has prompted the need for robust solutions. Adversarial training is an effective method but is computationally expensive to scale up to large datasets and comes at the cost of sacrificing model performance for robustness. We hypothesize that adversarial malware exploits the low-confidence regions of models and can be identified using epistemic uncertainty of ML approaches -- epistemic uncertainty in a machine learning-based malware detector is a result of a lack of similar training samples in regions of the problem space. In particular, a Bayesian formulation can capture the model parameters' distribution and quantify epistemic uncertainty without sacrificing model performance. To verify our hypothesis, we consider Bayesian learning approaches with a mutual information-based formulation to quantify uncertainty and detect adversarial malware in Android, Windows domains and PDF malware. We found, quantifying uncertainty through Bayesian learning methods can defend against adversarial malware. In particular, Bayesian models: (1) are generally capable of identifying adversarial malware in both feature and problem space, (2) can detect concept drift by measuring uncertainty, and (3) with a diversity-promoting approach (or better posterior approximations) lead to parameter instances from the posterior to significantly enhance a detectors' ability.
title Bayesian Learned Models Can Detect Adversarial Malware For Free
topic Cryptography and Security
url https://arxiv.org/abs/2403.18309