Sparsity brings vulnerabilities: Exploring new metrics in backdoor attacks
Nowadays, using AI-based detectors to keep pace with the fast iterating of malware has attracted a great attention. However, most AI-based malware detectors use features with vast sparse subspaces to characterize applications, which brings significant vulnerabilities to the model. To exploit this sp...
Saved in:
| Main Authors: | , , , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2023
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/8418 https://ink.library.smu.edu.sg/context/sis_research/article/9421/viewcontent/usenix_23.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-9421 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-94212024-01-09T03:32:00Z Sparsity brings vulnerabilities: Exploring new metrics in backdoor attacks TIAN, Jianwen QIU, Kefan GAO, Debin WANG, Zhi KUANG, Xiaohui ZHAO, Gang Nowadays, using AI-based detectors to keep pace with the fast iterating of malware has attracted a great attention. However, most AI-based malware detectors use features with vast sparse subspaces to characterize applications, which brings significant vulnerabilities to the model. To exploit this sparsityrelated vulnerability, we propose a clean-label backdoor attack consisting of a dissimilarity metric-based candidate selection and a variation ratio-based trigger construction. The proposed backdoor is verified on different datasets, including a Windows PE dataset, an Android dataset with numerical and boolean feature values, and a PDF dataset. The experimental results show that the attack can slash the accuracy on watermarked malware to nearly 0% even with the least number (0.01% of the class set) of watermarked goodwares compared to previous attacks. Problem space constraints are also considered with experiments in data-agnostic scenario and data-and-model-agnostic scenario, proving transferability between different datasets as well as deep neural networks and traditional classifiers. The attack is verified consistently powerful under the above scenarios. Moreover, eight existing defenses were tested with their effect left much to be desired. We demonstrated the reason and proposed a subspace compression strategy to boost models' robustness, which also makes part of the previously failed defenses effective. 2023-08-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/8418 https://ink.library.smu.edu.sg/context/sis_research/article/9421/viewcontent/usenix_23.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Backdoors Boolean features Candidate selection Compression strategies Feature values Malwares Model robustness Numerical features Problem space Space constraints Databases and Information Systems Software Engineering |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Backdoors Boolean features Candidate selection Compression strategies Feature values Malwares Model robustness Numerical features Problem space Space constraints Databases and Information Systems Software Engineering |
| spellingShingle |
Backdoors Boolean features Candidate selection Compression strategies Feature values Malwares Model robustness Numerical features Problem space Space constraints Databases and Information Systems Software Engineering TIAN, Jianwen QIU, Kefan GAO, Debin WANG, Zhi KUANG, Xiaohui ZHAO, Gang Sparsity brings vulnerabilities: Exploring new metrics in backdoor attacks |
| description |
Nowadays, using AI-based detectors to keep pace with the fast iterating of malware has attracted a great attention. However, most AI-based malware detectors use features with vast sparse subspaces to characterize applications, which brings significant vulnerabilities to the model. To exploit this sparsityrelated vulnerability, we propose a clean-label backdoor attack consisting of a dissimilarity metric-based candidate selection and a variation ratio-based trigger construction. The proposed backdoor is verified on different datasets, including a Windows PE dataset, an Android dataset with numerical and boolean feature values, and a PDF dataset. The experimental results show that the attack can slash the accuracy on watermarked malware to nearly 0% even with the least number (0.01% of the class set) of watermarked goodwares compared to previous attacks. Problem space constraints are also considered with experiments in data-agnostic scenario and data-and-model-agnostic scenario, proving transferability between different datasets as well as deep neural networks and traditional classifiers. The attack is verified consistently powerful under the above scenarios. Moreover, eight existing defenses were tested with their effect left much to be desired. We demonstrated the reason and proposed a subspace compression strategy to boost models' robustness, which also makes part of the previously failed defenses effective. |
| format |
text |
| author |
TIAN, Jianwen QIU, Kefan GAO, Debin WANG, Zhi KUANG, Xiaohui ZHAO, Gang |
| author_facet |
TIAN, Jianwen QIU, Kefan GAO, Debin WANG, Zhi KUANG, Xiaohui ZHAO, Gang |
| author_sort |
TIAN, Jianwen |
| title |
Sparsity brings vulnerabilities: Exploring new metrics in backdoor attacks |
| title_short |
Sparsity brings vulnerabilities: Exploring new metrics in backdoor attacks |
| title_full |
Sparsity brings vulnerabilities: Exploring new metrics in backdoor attacks |
| title_fullStr |
Sparsity brings vulnerabilities: Exploring new metrics in backdoor attacks |
| title_full_unstemmed |
Sparsity brings vulnerabilities: Exploring new metrics in backdoor attacks |
| title_sort |
sparsity brings vulnerabilities: exploring new metrics in backdoor attacks |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2023 |
| url |
https://ink.library.smu.edu.sg/sis_research/8418 https://ink.library.smu.edu.sg/context/sis_research/article/9421/viewcontent/usenix_23.pdf |
| _version_ |
1787590772187463680 |