IIoT Deep Malware Threat Hunting: From Adversarial Example Detection to Adversarial Scenario Detection
Why this work is in the frame
A frame that forgets how it found something cannot be audited. These are the routes that admitted this work.
Bibliographic record
Abstract
Protecting widely used deep classifiers against black-box adversarial attacks is a recent research challenge in many security-related areas, including malware classification. This class of attacks relies on optimizing a sequence of highly similar queries to bypass given classifiers. In this article, we leverage this property and propose a history-based method named, <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">stateful query analysis (SQA)</i> , which analyzes sequences of queries received by a malware classifier to detect black-box adversarial attacks on an industrial Internet of Things (IIoT). In the SQA pipeline, there are two components, namely the similarity encoder and the classifier, both based on convolutional neural networks. Unlike the state-of-the-art methods, which aim to identify individual adversarial examples, tracking the history of queries allows our method to identify adversarial scenarios and abort attacks before their completion. We optimize SQA using different combinations of hyperparameters on an advanced risc machine (ARM)-based IIoT malware dataset, widely adopted for malware threat hunting in industry 4.0. The use of a novel distance metric in calculating the loss function of the similarity encoder results in more disentangled representations and improves the performance of our method. Our evaluations demonstrate the validity of SQA via a detection rate of 93.1% over a wide range of adversarial examples.
Fetched live from OpenAlex and de-inverted. Abstracts are not stored in this database: the inverted indexes are 8.6 GB of the frame’s 9.3 GB of text, and the host has 13 GB free.
Full frame distilled prediction
Teacher imitationNot calibrated prevalence, not ground truth. Human validation pending. Learned from the 10,348 direct Codex labels and 10,348 direct Gemma labels. Candidate is the union of thresholded teacher heads; consensus is their intersection. These outputs are machine_predicted_unvalidated and are not human labels or direct frontier model labels.
Codex and Gemma teacher scores by category
| Category | Codex | Gemma |
|---|---|---|
| Metaresearch | 0.001 | 0.000 |
| Meta-epidemiology (narrow) | 0.000 | 0.001 |
| Meta-epidemiology (broad) | 0.000 | 0.000 |
| Bibliometrics | 0.001 | 0.002 |
| Science and technology studies | 0.002 | 0.000 |
| Scholarly communication | 0.000 | 0.002 |
| Open science | 0.001 | 0.000 |
| Research integrity | 0.000 | 0.002 |
| Insufficient payload (model declined to judge) | 0.000 | 0.000 |
Machine scores (provisional)
The two teacher heads of the student model, read on this work. A score orders the frame for review; it never asserts a category, and the validation status ships verbatim with every row.
Baseline scores from an immature model (maturity gate not passed, 7 training rounds). Scores rank; they never assert a category.
score_only:v0-immature-baseline · verbatim from the scoring run: score_only means the number may rank works, and no category label ships from it