AVID-2023-V001

Vulnerability from avid – Published: 2023-03-31 – Updated: 2023-03-31 ATLAS Case Study
Summary
The Palo Alto Networks Security AI research team tested a deep learning model for malware command and control (C&C) traffic detection in HTTP traffic. Based on the publicly available [paper by Le et al.](https://arxiv.org/abs/1802.03162), we built a model that was trained on a similar dataset as our production model and had similar performance. Then we crafted adversarial samples, queried the model, and adjusted the adversarial sample accordingly until the model was evaded.
Risk domain
Security
SEP view
S0403: Adversarial Example
Lifecycle
L02: Data Understanding, L06: Deployment
Affected artifacts
References
URL Label
https://atlas.mitre.org/studies/AML.CS0000 Evasion of Deep Learning Detector for Malware C&C Traffic
https://arxiv.org/abs/1802.03162 Le, Hung, et al. "URLNet: Learning a URL representation with deep learning for malicious URL detection." arXiv preprint arXiv:1802.03162 (2018).

{
  "affects": {
    "artifacts": [
      {
        "name": "Palo Alto Networks malware detection system",
        "type": "System"
      }
    ],
    "deployer": [
      "Palo Alto Networks malware detection system"
    ],
    "developer": []
  },
  "credit": null,
  "data_type": "AVID",
  "data_version": "0.2",
  "description": {
    "lang": "eng",
    "value": "The Palo Alto Networks Security AI research team tested a deep learning model for malware command and control (C\u0026C) traffic detection in HTTP traffic.\nBased on the publicly available [paper by Le et al.](https://arxiv.org/abs/1802.03162), we built a model that was trained on a similar dataset as our production model and had similar performance.\nThen we crafted adversarial samples, queried the model, and adjusted the adversarial sample accordingly until the model was evaded."
  },
  "impact": {
    "avid": {
      "lifecycle_view": [
        "L02: Data Understanding",
        "L06: Deployment"
      ],
      "risk_domain": [
        "Security"
      ],
      "sep_view": [
        "S0403: Adversarial Example"
      ],
      "taxonomy_version": "0.2"
    }
  },
  "last_modified_date": "2023-03-31",
  "metadata": {
    "vuln_id": "AVID-2023-V001"
  },
  "problemtype": {
    "classof": "ATLAS Case Study",
    "description": {
      "lang": "eng",
      "value": "Evasion of Deep Learning Detector for Malware C\u0026C Traffic"
    },
    "type": "Advisory"
  },
  "published_date": "2023-03-31",
  "references": [
    {
      "label": "Evasion of Deep Learning Detector for Malware C\u0026C Traffic",
      "type": "source",
      "url": "https://atlas.mitre.org/studies/AML.CS0000"
    },
    {
      "label": "Le, Hung, et al. \"URLNet: Learning a URL representation with deep learning for malicious URL detection.\" arXiv preprint arXiv:1802.03162 (2018).",
      "type": "source",
      "url": "https://arxiv.org/abs/1802.03162"
    }
  ],
  "reports": null
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…