Deceiving ML-Based Friend-or-Foe Identification for Executables

Keane Lucas, Mahmood Sharif, Lujo Bauer*, Michael K. Reiter, Saurabh Shintre

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingChapterpeer-review


Deceiving an adversary who may, e.g., attempt to reconnoiter a system before launching an attack, typically involves changing the system’s behavior such that it deceives the attacker while still permitting the system to perform its intended function. We develop techniques to achieve such deception by studying a proxy problem: malware detection. Researchers and anti-virus vendors have proposed DNNs for malware detection from raw bytes that do not require manual feature engineering. In this work, we propose an attack that interweaves binary-diversification techniques and optimization frameworks to mislead such DNNs while preserving the functionality of binaries. Unlike prior attacks, ours manipulates instructions that are a functional part of the binary, which makes it particularly challenging to defend against. We evaluated our attack against three DNNs in white- and black-box settings and found that it often achieved success rates near 100%. Moreover, we found that our attack can fool some commercial anti-viruses, in certain cases with a success rate of 85%. We explored several defenses, both new and old, and identified some that can foil over 80% of our evasion attempts. However, these defenses may still be susceptible to evasion by attacks, and so we advocate for augmenting malware-detection systems with methods that do not rely on machine learning.

Original languageEnglish
Title of host publicationAdvances in Information Security
Number of pages33
StatePublished - 2023

Publication series

NameAdvances in Information Security
ISSN (Print)1568-2633
ISSN (Electronic)2512-2193


FundersFunder number
DoD National Defense Science and Engineering
National Science Foundation2113345, 1801391
National Science Foundation
Army Research OfficeW911NF-17-1-0370
Army Research Office
Lockheed Martin
North Atlantic Treaty Organization
National Security AgencyH9823018D0008
National Security Agency


    Dive into the research topics of 'Deceiving ML-Based Friend-or-Foe Identification for Executables'. Together they form a unique fingerprint.

    Cite this