Sparsity brings vulnerabilities: Exploring new metrics in backdoor attacks

Author

Jianwen TIAN
Kefan QIU
Debin GAO, Singapore Management UniversityFollow
Zhi WANG
Xiaohui KUANG
Gang ZHAO

Publication Type

Conference Proceeding Article

Version

acceptedVersion

Publication Date

8-2023

Abstract

Nowadays, using AI-based detectors to keep pace with the fast iterating of malware has attracted a great attention. However, most AI-based malware detectors use features with vast sparse subspaces to characterize applications, which brings significant vulnerabilities to the model. To exploit this sparsityrelated vulnerability, we propose a clean-label backdoor attack consisting of a dissimilarity metric-based candidate selection and a variation ratio-based trigger construction. The proposed backdoor is verified on different datasets, including a Windows PE dataset, an Android dataset with numerical and boolean feature values, and a PDF dataset. The experimental results show that the attack can slash the accuracy on watermarked malware to nearly 0% even with the least number (0.01% of the class set) of watermarked goodwares compared to previous attacks. Problem space constraints are also considered with experiments in data-agnostic scenario and data-and-model-agnostic scenario, proving transferability between different datasets as well as deep neural networks and traditional classifiers. The attack is verified consistently powerful under the above scenarios. Moreover, eight existing defenses were tested with their effect left much to be desired. We demonstrated the reason and proposed a subspace compression strategy to boost models' robustness, which also makes part of the previously failed defenses effective.

Keywords

Backdoors, Boolean features, Candidate selection, Compression strategies, Feature values, Malwares, Model robustness, Numerical features, Problem space, Space constraints

Discipline

Databases and Information Systems | Software Engineering

Research Areas

Data Science and Engineering; Information Systems and Management

Publication

Proceedings of the 32nd USENIX Security Symposium, Anaheim, United States, 2023 August 9-11

Volume

4

First Page

2689

Last Page

2706

ISBN

9781713879497

Publisher

USENIX

City or Country

California

Citation

TIAN, Jianwen; QIU, Kefan; GAO, Debin; WANG, Zhi; KUANG, Xiaohui; and ZHAO, Gang. Sparsity brings vulnerabilities: Exploring new metrics in backdoor attacks. (2023). Proceedings of the 32nd USENIX Security Symposium, Anaheim, United States, 2023 August 9-11. 4, 2689-2706.
Available at: https://ink.library.smu.edu.sg/sis_research/8418

Copyright Owner and License

Authors

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.