-
Counteracting Concept Drift by Learning with Future Malware Predictions
Authors:
Branislav Bosansky,
Lada Hospodkova,
Michal Najman,
Maria Rigaki,
Elnaz Babayeva,
Viliam Lisy
Abstract:
The accuracy of deployed malware-detection classifiers degrades over time due to changes in data distributions and increasing discrepancies between training and testing data. This phenomenon is known as concept drift. While concept drift can have various causes in general, new malicious files are created by malware authors with a clear intention of avoiding detection. The existence of this intention opens a possibility for predicting such future samples. Including predicted samples in training data should consequently increase the accuracy of the classifiers on new testing data.
We compare two methods for predicting future samples: (1) adversarial training and (2) generative adversarial networks (GANs). The first method explicitly seeks adversarial examples against the classifier that are then used as a part of the training data. Similarly, GANs also generate synthetic training data. We use GANs to learn changes in data distributions within different time periods of training data and then apply these changes to generate samples that could be in testing data. We compare these prediction methods on two different datasets: (1) the Ember public dataset and (2) the internal dataset of files incoming to Avast. We show that while adversarial training yields more robust classifiers, this method is not a good predictor of future malware in general. This is in contrast with previously reported positive results in different domains (including natural language processing and spam detection). On the other hand, we show that GANs can be successfully used as predictors of future malware. We specifically examine malware families that exhibit significant changes in their data distributions over time, and the experimental results confirm that GAN-based predictions can significantly improve the accuracy of the classifier on new, previously unseen data.
Submitted 14 April, 2024;
originally announced April 2024.
-
How to Train your Antivirus: RL-based Hardening through the Problem-Space
Authors:
Jacopo Cortellazzi,
Ilias Tsingenopoulos,
Branislav Bošanský,
Simone Aonzo,
Davy Preuveneers,
Wouter Joosen,
Fabio Pierazzi,
Lorenzo Cavallaro
Abstract:
ML-based malware detection on dynamic analysis reports is vulnerable to both evasion and spurious correlations. In this work, we investigate a specific ML architecture employed in the pipeline of a widely-known commercial antivirus company, with the goal of hardening it against adversarial malware. Adversarial training, the sole defensive technique that can confer empirical robustness, is not applicable out of the box in this domain, for the principal reason that gradient-based perturbations rarely map back to feasible problem-space programs. We introduce a novel Reinforcement Learning approach for constructing adversarial examples, a constituent part of adversarially training a model against evasion. Our approach comes with multiple advantages. It performs modifications that are feasible in the problem-space, and only those; thus it circumvents the inverse mapping problem. It also makes it possible to provide theoretical guarantees on the robustness of the model against a particular set of adversarial capabilities. Our empirical exploration validates our theoretical insights, where we can consistently reach 0% Attack Success Rate after a few adversarial retraining iterations.
Submitted 29 February, 2024;
originally announced February 2024.
-
Cyber Deception against Zero-day Attacks: A Game Theoretic Approach
Authors:
Md Abu Sayed,
Ahmed H. Anwar,
Christopher Kiekintveld,
Branislav Bosansky,
Charles Kamhoua
Abstract:
Reconnaissance activities precede other attack steps in the cyber kill chain. Zero-day attacks exploit unknown vulnerabilities and give attackers the upper hand against conventional defenses. Honeypots have been used to deceive attackers by misrepresenting the true state of the network. Existing work on cyber deception does not model zero-day attacks. In this paper, we address the question of "How to allocate honeypots over the network?" to protect its most valuable assets. To this end, we develop a two-player zero-sum game theoretic approach to study the potential reconnaissance tracks and attack paths that attackers may use. However, zero-day attacks allow attackers to avoid placed honeypots by creating new attack paths. Therefore, we introduce a sensitivity analysis to investigate the impact of different zero-day vulnerabilities on the performance of the proposed deception technique. Next, we propose several mitigating strategies to defend the network against zero-day attacks based on this analysis. Finally, our numerical results validate our findings and illustrate the effectiveness of the proposed defense approach.
Submitted 25 July, 2023; v1 submitted 24 July, 2023;
originally announced July 2023.
-
Avast-CTU Public CAPE Dataset
Authors:
Branislav Bosansky,
Dominik Kouba,
Ondrej Manhal,
Thorsten Sick,
Viliam Lisy,
Jakub Kroustek,
Petr Somol
Abstract:
There is a limited amount of publicly available data to support research in malware analysis technology. In particular, there are virtually no publicly available datasets generated from rich sandboxes such as Cuckoo/CAPE. The benefit of using dynamic sandboxes is the realistic simulation of file execution in the target machine and obtaining a log of such execution. The machine can be infected by malware, hence there is a good chance of capturing the malicious behavior in the execution logs, thus allowing researchers to study such behavior in detail. Although the subsequent analysis of log information is extensively covered in industrial cybersecurity backends, to our knowledge there has been only limited effort invested in academia to advance such log analysis capabilities using cutting-edge techniques. We make this sample dataset available to support designing new machine learning methods for malware detection, especially for automatic detection of generic malicious behavior. The dataset has been collected in cooperation between Avast Software and Czech Technical University - AI Center (AIC).
Submitted 6 September, 2022;
originally announced September 2022.
-
Explaining Classifiers Trained on Raw Hierarchical Multiple-Instance Data
Authors:
Tomáš Pevný,
Viliam Lisý,
Branislav Bošanský,
Petr Somol,
Michal Pěchouček
Abstract:
Learning from raw data input, thus limiting the need for feature engineering, is a component of many successful applications of machine learning methods in various domains. While many problems naturally translate into a vector representation directly usable in standard classifiers, a number of data sources have the natural form of structured data interchange formats (e.g., security logs in JSON/XML format). Existing methods, such as Hierarchical Multiple Instance Learning (HMIL), allow learning from such data in their raw form. However, the explanation of classifiers trained on raw structured data remains largely unexplored. By treating these models as subset selection problems, we demonstrate how interpretable explanations, with favourable properties, can be generated using computationally efficient algorithms. We compare to an explanation technique adopted from graph neural networks, showing an order of magnitude speed-up and higher-quality explanations.
Submitted 4 August, 2022;
originally announced August 2022.
-
Computing Stackelberg Equilibrium with Memory in Sequential Games
Authors:
Aditya Aradhye,
Branislav Bošanský,
Michael Hlaváček
Abstract:
Stackelberg equilibrium is a solution concept that describes optimal strategies to commit to: Player 1 (the leader) first commits to a strategy that is publicly announced, then Player 2 (the follower) plays a best response to the leader's commitment. We study the problem of computing Stackelberg equilibria in sequential games with finite and indefinite horizons, when players can play history-dependent strategies. Using the alternate formulation called strategies with memory, we establish that strategy profiles with polynomial memory size can be described efficiently. We prove that there exists a polynomial-time algorithm which computes the Strong Stackelberg Equilibrium in sequential games defined on directed acyclic graphs, where the strategies depend only on the memory states from a set which is linear in the size of the graph. We extend this result to games on general directed graphs which may contain cycles. We also analyze the setting for the approximate version of Strong Stackelberg Equilibrium in games with chance nodes.
Submitted 3 November, 2021;
originally announced November 2021.
-
Improving Robustness of Malware Classifiers using Adversarial Strings Generated from Perturbed Latent Representations
Authors:
Marek Galovic,
Branislav Bosansky,
Viliam Lisy
Abstract:
In malware behavioral analysis, the list of accessed and created files very often indicates whether the examined file is malicious or benign. However, malware authors are trying to avoid detection by generating random filenames and/or modifying used filenames with new versions of the malware. These changes represent real-world adversarial examples. The goal of this work is to generate realistic adversarial examples and improve the classifier's robustness against these attacks. Our approach learns latent representations of input strings in an unsupervised fashion and uses gradient-based adversarial attack methods in the latent domain to generate adversarial examples in the input domain. We use these examples to improve the classifier's robustness by training on the generated adversarial set of strings. Compared to classifiers trained only on perturbed latent vectors, our approach produces classifiers that are significantly more robust without a large trade-off in standard accuracy.
Submitted 22 October, 2021;
originally announced October 2021.
-
Solving Zero-Sum One-Sided Partially Observable Stochastic Games
Authors:
Karel Horák,
Branislav Bošanský,
Vojtěch Kovařík,
Christopher Kiekintveld
Abstract:
Many security and other real-world situations are dynamic in nature and can be modelled as strictly competitive (or zero-sum) dynamic games. In these domains, agents perform actions to affect the environment and receive observations -- possibly imperfect -- about the situation and the effects of the opponent's actions. Moreover, there is no limitation on the total number of actions an agent can perform -- that is, there is no fixed horizon. These settings can be modelled as partially observable stochastic games (POSGs). However, solving general POSGs is computationally intractable, so we focus on a broad subclass of POSGs called one-sided POSGs. In these games, only one agent has imperfect information while their opponent has full knowledge of the current situation. We provide a full picture for solving one-sided POSGs: we (1) give a theoretical analysis of one-sided POSGs and their value functions, (2) show that a variant of a value-iteration algorithm converges in this setting, (3) adapt the heuristic search value-iteration algorithm for solving one-sided POSGs, (4) describe how to use approximate value functions to derive strategies in the game, and (5) demonstrate that our algorithm can solve one-sided POSGs of non-trivial sizes and analyze the scalability of our algorithm in three different domains: pursuit-evasion, patrolling, and search games.
Submitted 21 October, 2020;
originally announced October 2020.
-
Discovering Imperfectly Observable Adversarial Actions using Anomaly Detection
Authors:
Olga Petrova,
Karel Durkota,
Galina Alperovich,
Karel Horak,
Michal Najman,
Branislav Bosansky,
Viliam Lisy
Abstract:
Anomaly detection is a method for discovering unusual and suspicious behavior. In many real-world scenarios, the examined events can be directly linked to the actions of an adversary, such as attacks on computer networks or fraud in financial operations. While the defender wants to discover such malicious behavior, the attacker seeks to accomplish their goal (e.g., exfiltrating data) while avoiding detection. To this end, anomaly detectors have been used in a game-theoretic framework that captures these goals of a two-player competition. We extend the existing models to more realistic settings by (1) allowing both players to have continuous action spaces and by assuming that (2) the defender cannot perfectly observe the action of the attacker. We propose two algorithms for solving such games -- a direct extension of existing algorithms based on discretizing the feature space and linear programming, and a second algorithm based on constrained learning. Experiments show that both algorithms are applicable for cases with low feature space dimensions, but the learning-based method produces less exploitable strategies and is scalable to higher dimensions. Moreover, we use real-world data to compare our approaches with existing classifiers in a data-exfiltration scenario via the DNS channel. The results show that our models are significantly less exploitable by an informed attacker.
Submitted 22 April, 2020;
originally announced April 2020.
-
Compact Representation of Value Function in Partially Observable Stochastic Games
Authors:
Karel Horák,
Branislav Bošanský,
Christopher Kiekintveld,
Charles Kamhoua
Abstract:
Value methods for solving stochastic games with partial observability model the uncertainty about states of the game as a probability distribution over possible states. The dimension of this belief space is the number of states. For many practical problems, for example in security, there are exponentially many possible states, which causes insufficient scalability of algorithms for real-world problems. To this end, we propose an abstraction technique that addresses this curse of dimensionality by projecting high-dimensional beliefs to characteristic vectors of significantly lower dimension (e.g., marginal probabilities). Our two main contributions are (1) a novel compact representation of the uncertainty in partially observable stochastic games and (2) a novel algorithm based on this compact representation that builds on existing state-of-the-art algorithms for solving stochastic games with partial observability. Experimental evaluation confirms that the new algorithm over the compact representation dramatically increases the scalability compared to the state of the art.
Submitted 13 March, 2019;
originally announced March 2019.
-
Automated Construction of Bounded-Loss Imperfect-Recall Abstractions in Extensive-Form Games
Authors:
Jiri Cermak,
Viliam Lisy,
Branislav Bosansky
Abstract:
Extensive-form games (EFGs) model finite sequential interactions between players. The amount of memory required to represent these games is the main bottleneck of algorithms for computing optimal strategies, and the size of these strategies is often impractical for real-world applications. A common approach to tackle the memory bottleneck is to use information abstraction that removes parts of the information available to players, thus reducing the number of decision points in the game. However, existing information-abstraction techniques are either specific to a particular domain, provide no quality guarantees, or are applicable only to very small subclasses of EFGs. We present domain-independent abstraction methods for creating imperfect recall abstractions in extensive-form games that allow computing strategies that are (near) optimal in the original game. To this end, we introduce two novel algorithms, FPIRA and CFR+IRA, based on fictitious play and counterfactual regret minimization. These algorithms can start with an arbitrary domain-specific, or the coarsest possible, abstraction of the original game. The algorithms iteratively detect the missing information they require for computing a strategy for the abstract game that is (near) optimal in the original game. This information is then included back into the abstract game. Moreover, our algorithms are able to exploit imperfect-recall abstractions that allow players to forget even the history of their own actions. However, the algorithms require traversing the complete unabstracted game tree. We experimentally show that our algorithms can closely approximate the Nash equilibrium of large games using abstractions with as little as 0.9% of the information sets of the original game. Moreover, the results suggest that memory savings increase with the increasing size of the original games.
Submitted 15 April, 2020; v1 submitted 14 March, 2018;
originally announced March 2018.
-
Computing Maxmin Strategies in Extensive-Form Zero-Sum Games with Imperfect Recall
Authors:
Branislav Bosansky,
Jiri Cermak,
Karel Horak,
Michal Pechoucek
Abstract:
Extensive-form games with imperfect recall are an important game-theoretic model that allows a compact representation of strategies in dynamic strategic interactions. Practical use of imperfect recall games is limited due to negative theoretical results: a Nash equilibrium does not have to exist, computing maxmin strategies is NP-hard, and they may require irrational numbers. We present the first algorithm for approximating maxmin strategies in two-player zero-sum imperfect recall games without absentmindedness. We modify the well-known sequence-form linear program to model strategies in imperfect recall games and use a recent technique to approximate bilinear terms. Our main algorithm is a branch-and-bound search over these linear programs that provably reaches a desired approximation after a number of steps exponential in the size of the game. Experimental evaluation shows that the proposed algorithm can approximate maxmin strategies of randomly generated imperfect recall games of sizes beyond toy problems within a few minutes.
Submitted 24 May, 2017; v1 submitted 4 August, 2016;
originally announced August 2016.
-
Solution Concepts in A-Loss Recall Games: Existence and Computational Complexity
Authors:
Jiri Cermak,
Branislav Bosansky,
Michal Pechoucek
Abstract:
Imperfect recall games represent dynamic interactions where players forget previously known information, such as a history of played actions. The importance of imperfect recall games stems from allowing a concise representation of strategies compared to perfect recall games, where players remember all information. However, most of the algorithmic results are negative for imperfect recall games -- a Nash equilibrium (NE) does not have to exist, and computing a best response or a maxmin strategy is NP-hard. We focus on a subclass of imperfect recall games, called A-loss recall games, where a best response can be found in polynomial time. We derive novel properties of A-loss recall games, including (1) a sufficient and necessary condition for the existence of an NE in A-loss recall games, (2) an example where both the NE and maxmin strategies require irrational numbers for rational input, and (3) NP-hardness of problems related to finding maxmin strategies and the existence of an NE strategy.
Submitted 24 May, 2017; v1 submitted 4 August, 2016;
originally announced August 2016.
-
Dynamic Programming for One-Sided Partially Observable Pursuit-Evasion Games
Authors:
Karel Horák,
Branislav Bošanský
Abstract:
Pursuit-evasion scenarios appear widely in robotics, security domains, and many other real-world situations. We focus on two-player pursuit-evasion games with concurrent moves, infinite horizon, and discounted rewards. We assume that the players have partial observability; however, the evader is given the advantage of knowing the current position of the units of the pursuer. This setting is particularly interesting for security domains, where a robust strategy, designed to maximize the utility in the worst-case scenario, is often desirable. We provide, to the best of our knowledge, the first algorithm that provably converges to the value of a partially observable pursuit-evasion game with infinite horizon. Our algorithm extends the well-known value iteration algorithm by exploiting that (1) the value functions of our game depend only on the position of the pursuer and the belief he has about the current position of the evader, and (2) these functions are piecewise linear and convex in the belief space.
Submitted 4 August, 2016; v1 submitted 20 June, 2016;
originally announced June 2016.
-
Computation of Stackelberg Equilibria of Finite Sequential Games
Authors:
Branislav Bosansky,
Simina Branzei,
Kristoffer Arnsfelt Hansen,
Peter Bro Miltersen,
Troels Bjerre Sorensen
Abstract:
The Stackelberg equilibrium solution concept describes optimal strategies to commit to: Player 1 (termed the leader) publicly commits to a strategy and Player 2 (termed the follower) plays a best response to this strategy (ties are broken in favor of the leader). We study Stackelberg equilibria in finite sequential games (or extensive-form games) and provide new exact algorithms, approximate algorithms, and hardness results for several classes of these sequential games.
Submitted 23 August, 2016; v1 submitted 28 July, 2015;
originally announced July 2015.
-
Convergence of Monte Carlo Tree Search in Simultaneous Move Games
Authors:
Viliam Lisý,
Vojtěch Kovařík,
Marc Lanctot,
Branislav Bošanský
Abstract:
We study Monte Carlo tree search (MCTS) in zero-sum extensive-form games with perfect information and simultaneous moves. We present a general template of MCTS algorithms for these games, which can be instantiated by various selection methods. We formally prove that if a selection method is $ε$-Hannan consistent in a matrix game and satisfies additional requirements on exploration, then the MCTS algorithm eventually converges to an approximate Nash equilibrium (NE) of the extensive-form game. We empirically evaluate this claim using regret matching and Exp3 as the selection methods on randomly generated games and empirically selected worst case games. We confirm the formal result and show that additional MCTS variants also converge to approximate NE on the evaluated games.
Submitted 5 November, 2013; v1 submitted 31 October, 2013;
originally announced October 2013.