Recent research has shown that many machine learning algorithms are susceptible to misclassification via the construction of adversarial examples. These cleverly crafted inputs are designed to toe the line of classifier decision boundaries, and are typically constructed by slightly perturbing correctly classified samples until the classifier misclassifies it, even though the sample is largely the same. Researchers have published ways to construct these examples with full, some, or no knowledge of the target classifier, and have furthermore shown their applicability to a variety of domains, including in security.
In this talk, we’ll discuss several experiments where we attempted to make Meterpreter – a well-known and well-signatured RAT – into an adversarial example. To do this, we leveraged the open-source gym-malware package, which treats the classifier as a black-box and uses reinforcement learning to train an agent to apply perturbations that result in evasive malware. Deviating from existing work, our approach trained the agent on differently-compiled versions of Meterpreter, as opposed to a large corpus of unrelated malware samples. The results of our experiments were underwhelming, showing little difference between our trained agent and random perturbations. However, further analysis of the results highlight interesting trends and areas for future research.
Andy Applebaum is a security researcher at The MITRE Corporation, where he works on applied and theoretical security research problems, including as one of the leads on the CALDERA automated adversary emulation project and as a member of the ATT&CK team. His work tends to lie at the intersection of security, automation, and reasoning, with a growing personal interest in understanding how attackers can thwart machine learning algorithms in security settings. Andy received his PhD in computer science from the University of California Davis and he holds the OSCP certification. Outside of work, Andy is an avid chess player, having recently won the 2018 DEF CON chess championship.