Computer Science
Laurea magistrale
Event

PhD seminar: Malware hide in subtle ways: a journey through entropy and adversarial stuffs

10/10/2019

Tastiera retroilluminata - Backlit keyboard

Speakers

Simone Aonzo & Luca Demetrio


Title

Malware hide in subtle ways: a journey through entropy and adversarial stuffs


Abstract

An open research problem on malware analysis is how to statically distinguish between packed and non-packed executables. This has an impact on antivirus software and malware analysis systems, which may need to apply different heuristics or to resort to more costly code emulation solutions to deal with the presence of potential packing routines. Therefore, a wrong answer to the question ‚Äúis this executable packed?‚ÄĚ can make the difference between malware evasion and detection. It has long been known that packing and entropy are strongly correlated, often leading to the wrong assumption that a low entropy score implies that an executable is NOT packed.

In addition, many industries currently use machine learning techniques for discriminating between malware and goodware, by feeding deep neural network with gigabytes of programs.

Even if they are sold as silver bullet solutions, recent work has shown these algorithms for malware detection are also susceptible to adversarial examples, i.e., carefully-crafted perturbations to input malware that enable misleading classification. The rationale behind these attacks depends on what the network really learned at training time, which is not what an expert malware analyst would imagine.


During the first part of the talk, Simone Aonzo will show how entropy and all the features used for solving ‚Äúpacked/not packed‚ÄĚ problem is weak, while Luca Demetrio will conclude the seminar by showing the inefficiency of a particular network by applying a gradient attack on few bytes to evade detection.


Date

Thursday, 10th October 2019

Time

2:30PM

Location

Dibris, Valletta Puggia, Conference Hall (322)



Short bio

Simone Aonzo is a PhD student in Computer Science at the University of Genoa, but he also worked as an Android pentester. His research interests include most aspects of system security and in particular the areas of binary and malware analysis, reverse engineering, and phishing. He is a co-founder and member of the ZenHack CTF Team. 


Luca Demetrio is a second-year PhD student in Computer Science, currently working inside the Computer Security Laboratory (CSecLab,  https://csec.it) and a member of the ZenHack CTF Team (https://zenhack.it). His main interest is the application of adversarial machine learning to malware detection, with a strong emphasis on the offensive side. In particular, he is working on a new gradient and black box attacks to fool modern antiviruses techniques that leverage on statistical learning techniques.