AVID-2023-V001
Vulnerability from avid – Published: 2023-03-31 – Updated: 2023-03-31 ATLAS Case StudySummary
The Palo Alto Networks Security AI research team tested a deep learning model for malware command and control (C&C) traffic detection in HTTP traffic.
Based on the publicly available [paper by Le et al.](https://arxiv.org/abs/1802.03162), we built a model that was trained on a similar dataset as our production model and had similar performance.
Then we crafted adversarial samples, queried the model, and adjusted the adversarial sample accordingly until the model was evaded.
Risk domain
Security
SEP view
S0403: Adversarial Example
Lifecycle
L02: Data Understanding, L06: Deployment
Organisations
Palo Alto Networks malware detection system (deployer)
Affected artifacts
1 artifact
| Artifact | Type |
|---|---|
| Palo Alto Networks malware detection system | System |
References
2 references
| URL | Label |
|---|---|
| https://atlas.mitre.org/studies/AML.CS0000 | Evasion of Deep Learning Detector for Malware C&C Traffic |
| https://arxiv.org/abs/1802.03162 | Le, Hung, et al. "URLNet: Learning a URL representation with deep learning for malicious URL detection." arXiv preprint arXiv:1802.03162 (2018). |
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…