    1 vulnerability by Palo Alto Networks malware detection system

    AVID-2023-V001

    Vulnerability from avid – Published: 2023-03-31 – Updated: 2023-03-31 – ATLAS Case Study
    Summary
    The Palo Alto Networks Security AI research team tested a deep learning model for malware command and control (C&C) traffic detection in HTTP traffic. Based on the publicly available [paper by Le et al.](https://arxiv.org/abs/1802.03162), we built a model that was trained on a similar dataset as our production model and had similar performance. Then we crafted adversarial samples, queried the model, and adjusted the adversarial sample accordingly until the model was evaded.
    Risk domain: Security
    SEP view: S0403: Adversarial Example
    Lifecycle: L02: Data Understanding, L06: Deployment
    Affected artifacts
    References
    | URL | Label |
    | --- | --- |
    | https://atlas.mitre.org/studies/AML.CS0000 | Evasion of Deep Learning Detector for Malware C&C Traffic |
    | https://arxiv.org/abs/1802.03162 | Le, Hung, et al. "URLNet: Learning a URL representation with deep learning for malicious URL detection." arXiv preprint arXiv:1802.03162 (2018). |

    {
      "affects": {
        "artifacts": [
          {
            "name": "Palo Alto Networks malware detection system",
            "type": "System"
          }
        ],
        "deployer": [
          "Palo Alto Networks malware detection system"
        ],
        "developer": []
      },
      "credit": null,
      "data_type": "AVID",
      "data_version": "0.2",
      "description": {
        "lang": "eng",
        "value": "The Palo Alto Networks Security AI research team tested a deep learning model for malware command and control (C\u0026C) traffic detection in HTTP traffic.\nBased on the publicly available [paper by Le et al.](https://arxiv.org/abs/1802.03162), we built a model that was trained on a similar dataset as our production model and had similar performance.\nThen we crafted adversarial samples, queried the model, and adjusted the adversarial sample accordingly until the model was evaded."
      },
      "impact": {
        "avid": {
          "lifecycle_view": [
            "L02: Data Understanding",
            "L06: Deployment"
          ],
          "risk_domain": [
            "Security"
          ],
          "sep_view": [
            "S0403: Adversarial Example"
          ],
          "taxonomy_version": "0.2"
        }
      },
      "last_modified_date": "2023-03-31",
      "metadata": {
        "vuln_id": "AVID-2023-V001"
      },
      "problemtype": {
        "classof": "ATLAS Case Study",
        "description": {
          "lang": "eng",
          "value": "Evasion of Deep Learning Detector for Malware C\u0026C Traffic"
        },
        "type": "Advisory"
      },
      "published_date": "2023-03-31",
      "references": [
        {
          "label": "Evasion of Deep Learning Detector for Malware C\u0026C Traffic",
          "type": "source",
          "url": "https://atlas.mitre.org/studies/AML.CS0000"
        },
        {
          "label": "Le, Hung, et al. \"URLNet: Learning a URL representation with deep learning for malicious URL detection.\" arXiv preprint arXiv:1802.03162 (2018).",
          "type": "source",
          "url": "https://arxiv.org/abs/1802.03162"
        }
      ],
      "reports": null
    }