Bayesian Learned Models Can Detect Adversarial Malware for Free

Bao Gia Doan; Dang Quang Nguyen; Paul Montague; Tamas Abraham; Olivier De Vel; Seyit Camtepe; Salil S. Kanhere; Ehsan Abbasnejad; Damith C. Ranasinghe

doi:10.1007/978-3-031-70879-4_3

Bayesian Learned Models Can Detect Adversarial Malware for Free

Bao Gia Doan, Dang Quang Nguyen, Paul Montague, Tamas Abraham, Olivier De Vel, Seyit Camtepe, Salil S. Kanhere, Ehsan Abbasnejad, Damith C. Ranasinghe

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

Abstract

Vulnerability of machine learning-based malware detectors to adversarial attacks has prompted the need for robust solutions. Adversarial training is an effective method but is computationally expensive to scale up to large datasets and comes at the cost of sacrificing model performance for robustness. We hypothesize that adversarial malware exploits the low-confidence regions of models and can be identified using epistemic uncertainty of ML approaches—epistemic uncertainty in a machine learning-based malware detector is a result of a lack of similar training samples in regions of the problem space. In particular, a Bayesian formulation can capture the model parameters’ distribution and quantify epistemic uncertainty without sacrificing model performance. To verify our hypothesis, we consider Bayesian learning approaches with a mutual information-based formulation to quantify uncertainty and detect adversarial malware in Android, Windows domains and PDF malware. We found, quantifying uncertainty through Bayesian learning methods can defend against adversarial malware. In particular, Bayesian models: (1) are generally capable of identifying adversarial malware in both feature and problem space, (2) can detect concept drift by measuring uncertainty, and (3) with a diversity-promoting approach (or better posterior approximations) leads to parameter instances from the posterior to significantly enhance a detectors’ ability.

Original language	English
Title of host publication	Computer Security – ESORICS 2024 - 29th European Symposium on Research in Computer Security Bydgoszcz, Poland, September 16–20, 2024 Proceedings, Part I
Editors	Joaquin Garcia-Alfaro, Rafał Kozik, Michał Choraś, Sokratis Katsikas
Place of Publication	Cham Switzerland
Publisher	Springer
Pages	45-65
Number of pages	21
ISBN (Electronic)	9783031708794
ISBN (Print)	9783031708787
DOIs	https://doi.org/10.1007/978-3-031-70879-4_3
Publication status	Published - 2024
Externally published	Yes
Event	European Symposium on Research in Computer Security 2024 - Bydgoszcz, Poland Duration: 16 Sept 2024 → 20 Sept 2024 Conference number: 29th https://link.springer.com/book/10.1007/978-3-031-70879-4 (Proceedings) https://esorics2024.org/ (Website)

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	14982
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	European Symposium on Research in Computer Security 2024
Abbreviated title	ESORICS 2024
Country/Territory	Poland
City	Bydgoszcz
Period	16/09/24 → 20/09/24
Internet address	https://link.springer.com/book/10.1007/978-3-031-70879-4 (Proceedings) https://esorics2024.org/ (Website)

Keywords

Adversarial Malware
Bayesian Learning
Malware Detection

Access to Document

10.1007/978-3-031-70879-4_3

Cite this

Doan, B. G., Nguyen, D. Q., Montague, P., Abraham, T., De Vel, O., Camtepe, S., Kanhere, S. S., Abbasnejad, E., & Ranasinghe, D. C. (2024). Bayesian Learned Models Can Detect Adversarial Malware for Free. In J. Garcia-Alfaro, R. Kozik, M. Choraś, & S. Katsikas (Eds.), Computer Security – ESORICS 2024 - 29th European Symposium on Research in Computer Security Bydgoszcz, Poland, September 16–20, 2024 Proceedings, Part I (pp. 45-65). (Lecture Notes in Computer Science; Vol. 14982). Springer. https://doi.org/10.1007/978-3-031-70879-4_3

Doan, Bao Gia ; Nguyen, Dang Quang ; Montague, Paul et al. / Bayesian Learned Models Can Detect Adversarial Malware for Free. Computer Security – ESORICS 2024 - 29th European Symposium on Research in Computer Security Bydgoszcz, Poland, September 16–20, 2024 Proceedings, Part I. editor / Joaquin Garcia-Alfaro ; Rafał Kozik ; Michał Choraś ; Sokratis Katsikas. Cham Switzerland : Springer, 2024. pp. 45-65 (Lecture Notes in Computer Science).

@inproceedings{d632d3ca5e0046bea2cc33041c9f5316,

title = "Bayesian Learned Models Can Detect Adversarial Malware for Free",

abstract = "Vulnerability of machine learning-based malware detectors to adversarial attacks has prompted the need for robust solutions. Adversarial training is an effective method but is computationally expensive to scale up to large datasets and comes at the cost of sacrificing model performance for robustness. We hypothesize that adversarial malware exploits the low-confidence regions of models and can be identified using epistemic uncertainty of ML approaches—epistemic uncertainty in a machine learning-based malware detector is a result of a lack of similar training samples in regions of the problem space. In particular, a Bayesian formulation can capture the model parameters{\textquoteright} distribution and quantify epistemic uncertainty without sacrificing model performance. To verify our hypothesis, we consider Bayesian learning approaches with a mutual information-based formulation to quantify uncertainty and detect adversarial malware in Android, Windows domains and PDF malware. We found, quantifying uncertainty through Bayesian learning methods can defend against adversarial malware. In particular, Bayesian models: (1) are generally capable of identifying adversarial malware in both feature and problem space, (2) can detect concept drift by measuring uncertainty, and (3) with a diversity-promoting approach (or better posterior approximations) leads to parameter instances from the posterior to significantly enhance a detectors{\textquoteright} ability.",

keywords = "Adversarial Malware, Bayesian Learning, Malware Detection",

author = "Doan, {Bao Gia} and Nguyen, {Dang Quang} and Paul Montague and Tamas Abraham and {De Vel}, Olivier and Seyit Camtepe and Kanhere, {Salil S.} and Ehsan Abbasnejad and Ranasinghe, {Damith C.}",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.; European Symposium on Research in Computer Security 2024, ESORICS 2024 ; Conference date: 16-09-2024 Through 20-09-2024",

year = "2024",

doi = "10.1007/978-3-031-70879-4_3",

language = "English",

isbn = "9783031708787",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "45--65",

editor = "Joaquin Garcia-Alfaro and Rafa{\l} Kozik and Micha{\l} Chora{\'s} and Sokratis Katsikas",

booktitle = "Computer Security – ESORICS 2024 - 29th European Symposium on Research in Computer Security Bydgoszcz, Poland, September 16–20, 2024 Proceedings, Part I",

url = "https://link.springer.com/book/10.1007/978-3-031-70879-4, https://esorics2024.org/",

}

Doan, BG, Nguyen, DQ, Montague, P, Abraham, T, De Vel, O, Camtepe, S, Kanhere, SS, Abbasnejad, E & Ranasinghe, DC 2024, Bayesian Learned Models Can Detect Adversarial Malware for Free. in J Garcia-Alfaro, R Kozik, M Choraś & S Katsikas (eds), Computer Security – ESORICS 2024 - 29th European Symposium on Research in Computer Security Bydgoszcz, Poland, September 16–20, 2024 Proceedings, Part I. Lecture Notes in Computer Science, vol. 14982, Springer, Cham Switzerland, pp. 45-65, European Symposium on Research in Computer Security 2024, Bydgoszcz, Poland, 16/09/24. https://doi.org/10.1007/978-3-031-70879-4_3

Bayesian Learned Models Can Detect Adversarial Malware for Free. / Doan, Bao Gia; Nguyen, Dang Quang; Montague, Paul et al.
Computer Security – ESORICS 2024 - 29th European Symposium on Research in Computer Security Bydgoszcz, Poland, September 16–20, 2024 Proceedings, Part I. ed. / Joaquin Garcia-Alfaro; Rafał Kozik; Michał Choraś; Sokratis Katsikas. Cham Switzerland: Springer, 2024. p. 45-65 (Lecture Notes in Computer Science; Vol. 14982).

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

TY - GEN

T1 - Bayesian Learned Models Can Detect Adversarial Malware for Free

AU - Doan, Bao Gia

AU - Nguyen, Dang Quang

AU - Montague, Paul

AU - Abraham, Tamas

AU - De Vel, Olivier

AU - Camtepe, Seyit

AU - Kanhere, Salil S.

AU - Abbasnejad, Ehsan

AU - Ranasinghe, Damith C.

N1 - Conference code: 29th

PY - 2024

Y1 - 2024

N2 - Vulnerability of machine learning-based malware detectors to adversarial attacks has prompted the need for robust solutions. Adversarial training is an effective method but is computationally expensive to scale up to large datasets and comes at the cost of sacrificing model performance for robustness. We hypothesize that adversarial malware exploits the low-confidence regions of models and can be identified using epistemic uncertainty of ML approaches—epistemic uncertainty in a machine learning-based malware detector is a result of a lack of similar training samples in regions of the problem space. In particular, a Bayesian formulation can capture the model parameters’ distribution and quantify epistemic uncertainty without sacrificing model performance. To verify our hypothesis, we consider Bayesian learning approaches with a mutual information-based formulation to quantify uncertainty and detect adversarial malware in Android, Windows domains and PDF malware. We found, quantifying uncertainty through Bayesian learning methods can defend against adversarial malware. In particular, Bayesian models: (1) are generally capable of identifying adversarial malware in both feature and problem space, (2) can detect concept drift by measuring uncertainty, and (3) with a diversity-promoting approach (or better posterior approximations) leads to parameter instances from the posterior to significantly enhance a detectors’ ability.

AB - Vulnerability of machine learning-based malware detectors to adversarial attacks has prompted the need for robust solutions. Adversarial training is an effective method but is computationally expensive to scale up to large datasets and comes at the cost of sacrificing model performance for robustness. We hypothesize that adversarial malware exploits the low-confidence regions of models and can be identified using epistemic uncertainty of ML approaches—epistemic uncertainty in a machine learning-based malware detector is a result of a lack of similar training samples in regions of the problem space. In particular, a Bayesian formulation can capture the model parameters’ distribution and quantify epistemic uncertainty without sacrificing model performance. To verify our hypothesis, we consider Bayesian learning approaches with a mutual information-based formulation to quantify uncertainty and detect adversarial malware in Android, Windows domains and PDF malware. We found, quantifying uncertainty through Bayesian learning methods can defend against adversarial malware. In particular, Bayesian models: (1) are generally capable of identifying adversarial malware in both feature and problem space, (2) can detect concept drift by measuring uncertainty, and (3) with a diversity-promoting approach (or better posterior approximations) leads to parameter instances from the posterior to significantly enhance a detectors’ ability.

KW - Adversarial Malware

KW - Bayesian Learning

KW - Malware Detection

UR - http://www.scopus.com/inward/record.url?scp=85204376927&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-70879-4_3

DO - 10.1007/978-3-031-70879-4_3

M3 - Conference Paper

AN - SCOPUS:85204376927

SN - 9783031708787

T3 - Lecture Notes in Computer Science

SP - 45

EP - 65

BT - Computer Security – ESORICS 2024 - 29th European Symposium on Research in Computer Security Bydgoszcz, Poland, September 16–20, 2024 Proceedings, Part I

A2 - Garcia-Alfaro, Joaquin

A2 - Kozik, Rafał

A2 - Choraś, Michał

A2 - Katsikas, Sokratis

PB - Springer

CY - Cham Switzerland

T2 - European Symposium on Research in Computer Security 2024

Y2 - 16 September 2024 through 20 September 2024

ER -

Doan BG, Nguyen DQ, Montague P, Abraham T, De Vel O, Camtepe S et al. Bayesian Learned Models Can Detect Adversarial Malware for Free. In Garcia-Alfaro J, Kozik R, Choraś M, Katsikas S, editors, Computer Security – ESORICS 2024 - 29th European Symposium on Research in Computer Security Bydgoszcz, Poland, September 16–20, 2024 Proceedings, Part I. Cham Switzerland: Springer. 2024. p. 45-65. (Lecture Notes in Computer Science). doi: 10.1007/978-3-031-70879-4_3

Bayesian Learned Models Can Detect Adversarial Malware for Free

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Cite this