Attacking the First-Principle: A Black-Box, Query-Free Targeted Mimicry Attack on Binary Function Classifiers
Saved in:
| Title: | Attacking the First-Principle: A Black-Box, Query-Free Targeted Mimicry Attack on Binary Function Classifiers |
|---|---|
| Authors: | Sauger, Gabriel, Marion, Jean-Yves, Rahaman, Sazzadur, Tourneur, Vincent, Ali, Muaz, Matrat, Victor |
| Contributors: | Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Carbone (CARBONE), Department of Formal Methods (LORIA - FM), Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), University of Arizona, Semantic Analysis of Natural Language (SEMAGRAMME), Centre Inria de l'Université de Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Natural Language Processing & Knowledge Discovery (LORIA - NLPKD), Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-CentraleSupélec-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), ANR-22-PECY-0007,Defmal,Defense against malware(2022) |
| Source: | https://hal.science/hal-04914773 ; 2026. |
| Publisher Information: | CCSD |
| Publication Year: | 2026 |
| Subject Terms: | Black-box Adversarial Attack, Targeted Adversarial Attack, Query- free Adversarial Attack, Supply-Chain Attack, Function Binary Code Similarity, Reverse-Engineering, Machine Learning, [INFO.INFO-SE]Computer Science [cs]/Software Engineering [cs.SE], [INFO.INFO-LG]Computer Science [cs]/Machine Learning [cs.LG] |
| Description: | Binary function classifiers play a crucial role in maintaining the security and integrity of software systems by detecting malicious code and unauthorized modifications. However, machine learning-based classifiers are vulnerable to adversarial attacks that can evade detection. In this study, we present Kelpie, a novel framework for executing mimicry attacks, a stronger type of targeted evasion attacks, on binary function classifiers in a black-box, zero-query setting. Unlike previous approaches that rely on querying the target classifier to refine untargeted evasion attacks, Kelpie leverages code transformations that preserve the functionality of malicious payloads while causing them to be misclassified as we want. Through extensive experimentation, we demonstrate that Kelpie can successfully execute mimicry attacks against six state-of-the-art binary function classifiers representing different model architectures without requiring direct interaction with them. We further validate our approach with a practical demonstration, involving a keylogger and a wiper concealed within benign-looking functions embedded in an application. This work, to our best knowledge, is the first to demonstrate such a mimicry attack in a black-box, zero-query context, raising important questions about the reliability and security of existing machine learning-based binary function classifiers. |
| Document Type: | report |
| Language: | English |
| Availability: | https://hal.science/hal-04914773 https://hal.science/hal-04914773v2/document https://hal.science/hal-04914773v2/file/kelpie_with_authors.pdf |
| Rights: | http://creativecommons.org/licenses/by-nc-sa/ ; info:eu-repo/semantics/OpenAccess |
| Accession Number: | edsbas.F227792D |
| Database: | BASE |
Nájsť tento článok vo Web of Science Be the first to leave a comment!