Towards Scalable, Resilient, and Interpretable Approaches for Machine Learning based Malware Detectors

为基于机器学习的恶意软件检测器提供可扩展、有弹性和可解释的方法

• 批准号: RGPIN-2020-04738
• 负责人: Saad, Sherif
• 金额: $ 2.11万
• 依托单位: University of Windsor
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2020
• 资助国家: 加拿大
• 起止时间: 2020-01-01 至 2021-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=717268
• 关键词: Towards; Scalable; Resilient; Interpretable; Approaches

Many cybersecurity experts think that antimalware-system-leveraging machine learning will be the solution to modern malware attacks. In the literature, various malware detection techniques using machine learning with encouraging detection accuracy have been proposed. However, malware attacks in the wild continue to grow and manage to bypass malware detection systems powered by machine learning techniques. There is a significant difference between the accuracy of malware detection techniques in the literature and their accuracy in a production environment. Three reasons explain the limitations of machine-learning-based (ML-based) malware detection systems in the wild. First, unlike other areas that utilize machine learning, malware instances continue to evolve and change. This mostly requires the retraining of machine learning models, which is an expensive and complicated task. The training cost for ML-based malware detectors in production introduces a scalability challenge that is not properly addressed in the literature. Second, malware authors apply dynamic evading techniques and leverage adversary machine learning techniques to bypass detection. Because machine learning models are not designed to work in adversarial settings, to overcome adversarial malware threats, we need to design resilient and robust ML-based malware detectors. Third, but not least, adopting sophisticated machine learning techniques in a production environment is challenging because, most of the time, it is not possible to understand how machine learning systems make malware detection decisions. Therefore, tuning and maintaining these systems is a challenge for cybersecurity analysts. Hence, the interpretability of machine learning models is an important requirement for malware detectors that have not yet been investigated. The main goal of this research program is to investigate and overcome the limitations of ML-based malware detectors. The research program focuses on three main directions to reach its goal. First, reduce the cost of retraining machine learning systems for malware detection in production. Second, design techniques to interpret malware detection results produced by machine learning systems in a manner that is useful to malware analysts. Third, develop a framework to help the malware detection systems mitigate adversarial malware attacks. This research program will contribute to the training of several HQP: students will develop theoretical and practical skills in applied machine learning and malware analysis. It will contribute to positioning Canada as a leader in malware security research, and we will contribute to AssemblyLine (an open-source malware analysis platform published in 2017 by the communications security establishment of Canada). In addition, several products could efficiently utilize our research outcome, which would lead to the creation of spin-off companies, or existing antimalware companies could utilize the technology through licensing.

许多网络安全专家认为，反恶意软件系统利用机器学习将是现代恶意软件攻击的解决方案。在文献中，已经提出了使用具有令人鼓舞的检测准确性的机器学习的各种恶意软件检测技术。然而，恶意软件攻击继续增长，并设法绕过由机器学习技术驱动的恶意软件检测系统。文献中的恶意软件检测技术的准确性与其在生产环境中的准确性之间存在显着差异。三个原因解释了基于机器学习（ML）的恶意软件检测系统在野外的局限性。首先，与利用机器学习的其他领域不同，恶意软件实例继续发展和变化。这主要需要重新训练机器学习模型，这是一项昂贵且复杂的任务。生产中基于ML的恶意软件检测器的培训成本引入了文献中未适当解决的可扩展性挑战。其次，恶意软件作者应用动态规避技术并利用对手机器学习技术来绕过检测。由于机器学习模型不是设计用于对抗环境的，为了克服对抗性恶意软件威胁，我们需要设计弹性和强大的基于ML的恶意软件检测器。第三，但并非最不重要的是，在生产环境中采用复杂的机器学习技术具有挑战性，因为大多数时候，不可能了解机器学习系统如何做出恶意软件检测决策。因此，调整和维护这些系统对网络安全分析师来说是一个挑战。因此，机器学习模型的可解释性是尚未研究的恶意软件检测器的重要要求。 这项研究计划的主要目标是调查和克服基于ML的恶意软件检测器的局限性。该研究计划侧重于三个主要方向，以实现其目标。首先，降低在生产中重新训练机器学习系统进行恶意软件检测的成本。第二，设计技术来解释机器学习系统产生的恶意软件检测结果，对恶意软件分析师有用。第三，开发一个框架来帮助恶意软件检测系统减轻对抗性恶意软件攻击。这项研究计划将有助于几个HQP的培训：学生将开发应用机器学习和恶意软件分析的理论和实践技能。它将有助于将加拿大定位为恶意软件安全研究的领导者，我们将为AssemblyLine（加拿大通信安全机构于2017年发布的开源恶意软件分析平台）做出贡献。此外，一些产品可以有效地利用我们的研究成果，这将导致创建分拆公司，或者现有的反恶意软件公司可以通过许可使用该技术。