• NTUST_1111_ML and Application for Cybersecurity_Final Project
• Members:
  • M11115015 廖唯任
  • M11115035 康帷晟
  • M11152025 陳彥合

$a d v_{-} x=x+\epsilon * \operatorname{sign}\left(\nabla_x J(\theta, x, y)\right)$

1. Taking an input image.
2. Making predictions on the image using a trained model.
3. Computing the loss of the prediction based on the true class label.
4. Caculating the gradients of the loss with respect to the input image.
5. Computing the sign of the gradient.
6. Using the signed gradient to construct the output adversarial image.

• training a malware detector(binary classifier)
  • CNN model
  • Siamese network
• generate the adversarial example (AE) for each model
• attack the model
  • input. AE
  • result. ACC decline

• Dataset
  • Training: 50/50
  • Testing: 50/50
• Feature Engineering
  • API call sequence image

• Dataset
  • Training: 10/10
  • Testing: 90/90
• Feature Engineering
  • API call sequence image

• method. FGSM
• example

  ORIGIN_API_IMG	+ ε x Noise	=Adversarial Example

• method. FGSM & remain the white area
• example

  ORIGIN_API_IMG	+ ε x Noise	=Adversarial Example

• method. FGSM
• example

  ORIGIN_API_IMG	+ ε x Noise	=Adversarial Example

• method. FGSM & remain the white area
• example

  ORIGIN_API_IMG	+ ε x Noise	=Adversarial Example

• eps = 0.075

• CNN is robust than Siamese network against adversarial attack in our work.
• We could construct an adversarial attack to the malware classification model in feature space.
• We could try problem space of adversarial attack in the work in the future.

• tensorflow_tuorials_FGSM
• Dynamic API call sequence visualisation for malware classification