Gray-box Query Attack Sample Clauses
Gray-box Query Attack. The gray-box attacker has access to the training data and knowledge of the statistical representation of the features across the dataset. Therefore, features can be added to a malware sample in a heuristically driven manner using their frequency in benign samples (rather than randomly, as in the black-box scenario). In Figure 4.2, we present an overview of our gray-box query attack strategy. In our strategy, features that are more frequent in benign samples are added to the malware sample X before others in order to promote traversal of the decision boundary as soon as possible. We show later that this significantly increases attack success and reduces queries to the oracle.

Hence, as per Figure 4.2, from the data available to the attacker, the features from benign samples are sorted by their frequency across all benign samples into a vector s⃗ as a preliminary step to the attack; s⃗ can be reused whenever the attack is conducted. Then, given the ordered vector of features s⃗, we can generate an adversarial example X′. That is, using a malware sample X, the next feature from s⃗ that preserves the original functionality of X is added to generate X′. Recall from before that only certain perturbations for each target platform will preserve the functionality of the malware sample (platform-specific details of valid perturbations are given in Section 4.4.6). As before, perturbations are validated for functionality preservation before being tested on the oracle O. The transplantation of features continues until the generated adversarial example X′ evades O, n_max is reached, or the possible features are exhausted.
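The procedure described above can be turned into a feature-space robustness measurement: how many oracle queries a classifier tolerates before benign-frequency-ordered additions flip its verdict. The following is an added example, not code from the original work. It assumes that O returns 1 for malware and 0 for benign and that n_max caps the number of queries; the feature names, weights, samples and the is_valid predicate are constructed for illustration.

```python
"""Feature-space robustness check for a malware classifier (toy, constructed data)."""
from collections import Counter
from itertools import permutations

def benign_frequency_order(benign_samples):
    """Build s: features sorted by the number of benign samples containing them."""
    counts = Counter(f for sample in benign_samples for f in set(sample))
    return [f for f, _ in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))]

def queries_to_evasion(x, order, oracle, is_valid, n_max):
    """Add features to a copy of x in `order`; return (queries used, evaded?)."""
    x_adv, queries = set(x), 0
    for feature in order:
        if queries >= n_max:
            break
        if feature in x_adv or not is_valid(feature):
            continue  # skip perturbations that would not preserve functionality
        x_adv.add(feature)
        queries += 1  # one oracle query per candidate X'
        if oracle(x_adv) == 0:
            return queries, True
    return queries, False

# Constructed toy oracle O: linear score over binary features, 1 = malware (assumption).
WEIGHTS = {"m1": 4, "m2": 4, "b1": -6, "b2": -4, "b3": -1, "b4": -1, "b5": -1, "b6": -1}
def oracle(sample):
    return 1 if sum(WEIGHTS.get(f, 0) for f in sample) > 0 else 0

# Constructed benign training set and malware feature vector X.
BENIGN = [{"b1", "b2", "b3"}, {"b1", "b2"}, {"b1", "b4"}, {"b1", "b2", "b5"}, {"b1", "b6"}]
X = {"m1", "m2"}

def mean_queries_any_order(features, n_max):
    """Baseline: mean queries over every insertion order (no frequency knowledge)."""
    runs = [queries_to_evasion(X, p, oracle, lambda f: True, n_max)[0]
            for p in permutations(features)]
    return sum(runs) / len(runs)

if __name__ == "__main__":
    s = benign_frequency_order(BENIGN)
    print("s =", s)
    print("frequency order:", queries_to_evasion(X, s, oracle, lambda f: True, n_max=6))
    print("b2 not a valid perturbation:",
          queries_to_evasion(X, s, oracle, lambda f: f != "b2", n_max=6))
    print("mean over all orders:", mean_queries_any_order(s, n_max=6))
```

Comparing the frequency-ordered query count with the all-orders mean gives a per-model number that can be tracked when evaluating defenses or setting a query budget on the oracle.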
[Figure 4.2: Overview of the gray-box query attack strategy. (1) Sort features from benign samples by their frequency across all benign samples. (2) Create a vector s that contains all features ordered by their frequency; the vector s can be reused whenever the attack is conducted. Using a malware sample X, add features in the order of vector s to generate an adversarial example X′ until attack success or failure. The oracle returns 1 or 0 for X′. Decision: "X′ evades O?" Yes: success. No: add the next feature from s to X′ while O(X′) = 1 and n_max is not reached; otherwise failure.]

We next provide details about the experimental setup we use for our evaluation of various moving target defenses against adversarial ML. This is followed by the study of various MTDs and other defenses under different attacker scenarios.
