Security Scenario (1): Malware Detection
Malware Detection
1. Papers
- Malware survey
  - Paper analysis: https://powerlzy.github.io/posts/2GBZRTM/
- Deep Learning for Android Malware Defenses: a Systematic Literature Review
  - Project: https://github.com/yueyueL/DL-based-Android-Malware-Defenses-review
  - Overview: ACM Computing Surveys; Android malware detection
2. Open-source projects
2.1 Paper reproductions
- TrustCom 2021: Malware Classification by Learning Semantic and Structural Features of Control Flow Graphs
  - Project: https://github.com/Bowen-n/MCBG
  - Overview: source code for malware classification by learning the semantic and structural features of control flow graphs
- Windows-malware-detection
  - Project: https://github.com/strugglingeagle/Windows-malware-detection
  - Overview: HIN-based Windows malware detection model
- Learning from Context: Exploiting and Interpreting File Path Information for Better Malware Detection
  - Overview: Sophos (EMBER features + file path context)
  - Paper analysis: https://powerlzy.github.io/posts/2Z5SQWP/
- Quo Vadis: Hybrid Machine Learning Meta-Model Based on Contextual and Behavioral Malware Representations
  - Project: https://github.com/dtrizna/quo.vadis
  - Overview: hybrid machine learning malware detection model based on Windows kernel emulation (dynamic analysis + EMBER + path context)
  - Paper analysis: https://powerlzy.github.io/posts/2Z5SQWP/
- Malware Detection based on API Sequence Intrinsic Features
  - Project: https://github.com/friendllcc/Malware-Detection-API-Sequence-Intrinsic-Features
  - Overview: sandbox API sequence features
- Learning-Based-PE-Malware-Family-Classification-Methods
  - Project: https://github.com/nikeluobinxiaoma/Learning-Based-PE-Malware-Family-Classification-Methods
  - Overview: experiment code from a Tianjin University student; includes three learning-based PE malware family classification methods (image-based, binary-based and disassembly-based) plus a method for detecting inter-class drift in malware.
- MalConv-Pytorch
  - Project: https://github.com/PowerLZY/MalConv-Pytorch
  - Overview: research on byte-sequence-based malware detection
- CADE: Detecting and Explaining Concept Drift Samples for Security Applications
  - Project: https://github.com/whyisyoung/CADE
  - Overview: code for the USENIX Security 2021 paper
- EMBER: Elastic Malware Benchmark for Empowering Researchers
  - Project: https://github.com/elastic/ember
  - Overview: 2038-dimensional features, static analysis + LightGBM
- When Malware is Packin' Heat; Limits of Machine Learning Classifiers Based on Static Analysis Features
  - Project: https://github.com/ucsb-seclab/packware
  - Overview: the effect of packers on machine-learning malware classifiers that rely only on static analysis features
- Dynamic Malware Analysis with Feature Engineering and Feature Learning
  - Project: https://github.com/joddiy/DynamicMalwareAnalysis
  - Overview: source code is available on the server
2.2 Open-source tools
- DeepMalwareDetector
  - Project: https://github.com/islem-esi/DeepMalwareDetector
  - Overview: a deep learning framework for analyzing Windows PE files to detect malware.
- Malware sandboxes
  - CAPE: Malware Configuration And Payload Extraction
    - Project: https://github.com/kevoreilly/CAPEv2
  - Bold-Falcon: https://github.com/PowerLZY/Bold-Falcon
    - Documentation:
      https://powerlzy.github.io/Bold-Falcon/开发文档
      https://boldfalcon.readthedocs.io
3. Algorithm competitions
- DataCon2019 Big Data Security Analysis Competition: champion's approach (article by 杨航锋 (Yang Hangfeng) on Zhihu)
  - https://zhuanlan.zhihu.com/p/64252076
- DataCon2020 Big Data Security Analysis Competition, 🏆 Track 5 (malicious code analysis): champion's source code and solution.
  - Project: https://github.com/yuriufo/DataCon2020
  - Competition site: https://datacon.qianxin.com/#integral
- 2021 CCF BDCI Digital Security Open Competition: AI-based malware family classification
  - Competition site: https://www.datafountain.cn/competitions/507
  - Project: https://github.com/PowerLZY/malware_classification_bdci
4. Industry applications
- McAfee: https://www.mcafee.com/enterprise/en-us/security-awareness/endpoint/what-is-next-gen-endpoint-protection.html
- VMware: https://www.carbonblack.com/resources/definitions/what-is-next-generation-antivirus/
- CrowdStrike: https://www.crowdstrike.com/epp-101/next-generation-antivirus-ngav/
- Avast: https://www.avast.com/technology/malware-detection-and-blocking
- Kaspersky: https://media.kaspersky.com/en/enterprise-security/Kaspersky-Lab-Whitepaper-Machine-Learning.pdf
  - Paper analysis: https://powerlzy.github.io/posts/3JVWT1D/
- FireEye: https://www.fireeye.com/blog/threat-research/2019/03/clustering-and-associating-attacker-activity-at-scale.html
- Linux sandbox | Alibaba Cloud malicious file detection platform opens Linux binary detection: https://www.anquanke.com/post/id/276349#10006-weixin-1-52626-6b3bffd01fdde4900130bc5a2751b6d1
Malware Evasion Attacks
1. Papers
- A survey on practical adversarial examples for malware classifiers
  - Paper analysis: https://powerlzy.github.io/posts/17HFC4S/
  - Overview: survey of adversarial examples against malware classifiers
- Awesome Resources for Adversarial Attacks and Defenses for Windows PE Malware Detection
  - Project: https://github.com/ryderling/adversarial-attacks-and-defenses-for-windows-pe-malware-detection
  - Overview: a curated list of resources on adversarial attacks and defenses for Windows PE malware detection; someone else's summary, covering work up to 2021.
- Adversarial Training for Raw-Binary Malware Classifiers
  - Paper: https://www.usenix.org/conference/usenixsecurity23/presentation/lucas
  - Overview: USENIX Security 2023; adversarial training for raw-binary malware classifiers
- Adversarial Attacks and Defenses in Deep Learning: From a Perspective of Cybersecurity
  - Paper: https://dl.acm.org/doi/10.1145/3547330
  - Overview: ACM Computing Surveys; provides the first analysis framework for systematically understanding adversarial attacks
- Black-Box Adversarial Attacks Against Deep Learning Based Malware Binaries Detection with GAN
  - Paper analysis: https://powerlzy.github.io/posts/35K4AXJ/
  - Overview: GAPGAN
- Research progress on deep-learning-enabled malicious code attack and defense (2021, 计算机学报 / Chinese Journal of Computers)
- Intriguing Properties of Adversarial ML Attacks in the Problem Space (2020 S&P)
  - Overview: focus on understanding the problem-space definition and the search strategies
- Functionality-Preserving Black-Box Optimization of Adversarial Windows Malware (2021 TIFS)
  - Paper analysis: https://powerlzy.github.io/posts/3SMQYQP/
  - Overview: the attack is formalized as a constrained minimization problem, which also allows the trade-off between the probability of evading detection and the size of the injected payload to be optimized.
- Adversarial EXEmples: A Survey and Experimental Evaluation of Practical Attacks on Machine Learning for Windows Malware Detection
2. Projects
2.1 Open-source papers
- MalGAN: Generating Adversarial Malware Examples for Black-Box Attacks Based on GAN
  - Project: https://github.com/PowerLZY/MalGAN
  - Overview: dynamic analysis + evasion attack
- Evading Machine Learning Malware Detection
  - Project: https://github.com/drhyrum/gym-malware
  - Overview: Black Hat 2017, reinforcement learning
- MAB-Malware
  - Project: https://github.com/weisong-ucr/MAB-malware
  - Overview: MAB-Malware is an open-source reinforcement learning framework for generating adversarial examples (AEs) of PE malware.
- Adversarial Deep Ensemble: Evasion Attacks and Defenses for Malware Detection
  - Project: https://github.com/deqangss/adv-dnn-ens-malware
  - Overview: adversarial deep ensemble; Android malware variants
2.2 Open-source tools
- secml-malware
  - Project: https://github.com/pralab/secml_malware
  - Overview: creates adversarial attacks against machine-learning Windows malware detectors
- CleverHans
  - Project: https://github.com/cleverhans-lab/cleverhans
  - Overview: an adversarial example library for constructing attacks, building defenses and benchmarking
3. Competitions
- 2021 Machine Learning Security Evasion Competition
  - Competition links:
    - https://mlsec.io/
    - https://cujo.com/announcing-the-winners-of-the-2021-machine-learning-security-evasion-competition/