
Generic Black-Box End-to-End Attack Against State of the Art API Call Based Malware Classifiers


Abstract

In this paper, we present a black-box attack against API call based machine learning malware classifiers, focusing on generating adversarial API call sequences that would be misclassified by the classifier without affecting the malware functionality. We show that this attack is effective against many classifiers due to the transferability principle between RNN variants, feed forward DNNs, and traditional machine learning classifiers such as SVM. We further extend our attack against hybrid classifiers based on a combination of static and dynamic features, focusing on printable strings and API calls. Finally, we implement GADGET, a software framework to convert any malware binary to a binary undetected by malware classifiers, using the proposed attack, without access to the malware source code. We conclude by discussing possible defense mechanisms against the attack.