Malware Evasion Attacks Against IoT and Other Devices: An Empirical Study

作     者：Yan Xu Deqiang Li Qianmu Li Shouhuai Xu Yan Xu;Deqiang Li;Qianmu Li;Shouhuai Xu

作者机构：School of Computer Science and EngineeringNanjing University of Science and TechnologyNanjing 210094China School of Computer ScienceNanjing University of Posts and TelecommunicationsNanjing 210023China Department of Computer ScienceUniversity of Colorado Colorado SpringsColorado SpringsCO 80918USA 

出 版 物：《Tsinghua Science and Technology》 (清华大学学报（自然科学版（英文版）)

年 卷 期：2024年第29卷第1期

页      面：127-142页

核心收录：

学科分类：080903[工学-微电子学与固体电子学] 0809[工学-电子科学与技术（可授工学、理学学位）] 08[工学] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

主　　题：Android malware obfuscation adversarial examples 

摘      要：The Internet of Things(loT)has grown rapidly due to artificial intelligence driven edge computing.While enabling many new functions,edge computing devices expand the vulnerability surface and have become the target of malware attacks.Moreover,attackers have used advanced techniques to evade defenses by transforming their malware into functionality-preserving variants.We systematically analyze such evasion attacks and conduct a large-scale empirical study in this paper to evaluate their impact on security.More specifically,we focus on two forms of evasion attacks:obfuscation and adversarial attacks.To the best of our knowledge,this paper is the first to investigate and contrast the two families of evasion attacks systematically.We apply 10 obfuscation attacks and 9 adversarial attacks to 2870 malware examples.The obtained findings are as follows.(1)Commercial Off-The-Shelf(COTS)malware detectors are vulnerable to evasion attacks.(2)Adversarial attacks affect COTS malware detectors slightly more effectively than obfuscated malware examples.(3)Code similarity detection approaches can be affected by obfuscated examples and are barely affected by adversarial attacks.(4)These attacks can preserve the functionality of original malware examples.