- author = "Weilin Xu and Yanjun Qi and David Evans",
- title = "Automatically Evading Classifiers: A Case Study on {PDF} Malware Classifiers",
- booktitle = "The Network and Distributed System Security Symposium 2016",
- year = "2016",
- editor = "Lujo Bauer and Karen O'Donoghue",
- address = "San Diego, USA",
- month = "21-24 " # feb,
- keywords = "genetic algorithms, genetic programming, genetic improvement, PDF malware, SVM, Cuckoo sandbox, VirusTotal, Wepawet, Hidost, PDFrate",
- ISBN = "1-891562-41-X",
-
URL = "
http://evademl.org/",
-
URL = "https://www.internetsociety.org/events/ndss-symposium-2016/ndss-2016-programme#session11",
-
URL = "
https://www.internetsociety.org/sites/default/files/blogs-media/automatically-evading-classifiers.pdf",
-
code_url = "http://www.EvadeML.org",
- size = "15 pages",
- abstract = "Machine learning is widely used to develop classifiers for security tasks. However, the robustness of these methods against motivated adversaries is uncertain. In this work, we propose a generic method to evaluate the robustness of classifiers under attack. The key idea is to stochastically manipulate a malicious sample to find a variant that preserves the malicious behaviour but is classified as benign by the classifier. We present a general approach to search for evasive variants and report on results from experiments using our techniques against two PDF malware classifiers, PDFrate and Hidost. Our method is able automatically find evasive variants for all of the 500 malicious seeds in our study. Our results suggest a general method for evaluating classifiers used in security applications, and raise serious doubts about the effectiveness of classifiers based on superficial features in the presence of adversaries.",
-
notes = "GP population size is 48 and the maximum generation is
20.
https://www.internetsociety.org/events/ndss-symposium-2016",
