Bypassing NGAV for Fun and Profit

Presented at Black Hat Europe 2020 Virtual, Dec. 10, 2020, 10:20 a.m. (40 minutes)

In this talk, we demonstrate the first methodological approach to "reverse engineer" a NGAV model and features without reversing<br>the product, and generate a PE malware that bypasses next generation anti-virus (NGAV) products (e.g., Cylance). Previous such attacks against such machine learning based malware classifiers only add new features and do not modify existing features to avoid harming the modified malware executable's functionality, making such executables easier to detect.<br><br>In contrast, we split the adversarial example generation task into two parts:<br><ol><li>find the importance of all features for a specific sample using explainability algorithms, and</li><li>conduct a feature-specific modification (e.g., checksums, timestamp, IAT, etc.), feature-by-feature.</li></ol><br>In order to apply our attack to NGAV with unknown classifier architecture, we leverage the concept of transferability, i.e., different classifiers using different features subsets and trained on different datasets still have similar subset of important features. Using this concept, we attack a publicly available classifier and generate malware PE files that evade not only that classifier, but also commercial NGAV. We also demonstrate additional techniques, such as the sliding window approach to understand the most important features in the attacked classifier.

Presenters:

• Ishai Rosenberg - Head of Deep Learning Group, Deep Instinct Ltd.
  Ishai Rosenberg is the manager of the Deep Learning group at Deep-Instinct, in charge of all deep learning and data science related features, capabilities and algorithms across Deep-Instinct's product line. Ishai has over 15 years of experience in various cyber security and machine learning R&D positions in both governmental and private organizations Ishai is a PhD candidate in the Software and Information Systems Engineering department in Ben Gurion University, focusing in adversarial deep learning for RNNs.
• Shai Meir - Cyber Security Researcher, Deep Instinct Ltd.
  Shai Meir is a reverser, mathematician and an aspiring data scientist with over 20 years of experience. Shai has worked in various domains of the industry from writing low-level code, reversing on embedded, mobile and Windows platforms, vulnerability research, code analysis and code obfuscation through machine learning and deep learning over the past five years. At Deep-Instinct, Shai is a member of Deep-Instinct's deep learning group, researching adversarial examples and bringing additional domain knowledge to the company's deep learning models.

Links:

• https://www.blackhat.com/eu-20/briefings/schedule/#bypassing-ngav-for-fun-and-profit-21181

Similar Presentations:

• Black Hat USA 2019 / Attacking and Defending the Microsoft Cloud (Office 365 & Azure AD)
• Black Hat USA 2020 Virtual / Dive into Apple IO80211FamilyV2
• Black Hat USA 2019 / Death to the IOC: What's Next in Threat Intelligence