Cybersecurity vendors Endgame and VMRay and testing house MRG Effitas used DEF CON 27 to announce that they have partnered under AI Village to launch the Machine Learning Static Evasion Contest. The second annual AI Village is a place where experts in artificial intelligence (AI) and security can come together to learn and discuss the use, and misuse, of AI in traditional security.
With the growing number of cyber threats faced by organizations and individuals, cybersecurity technology must adapt to match the level of sophistication and agility presented by new and unprecedented threats. The purpose of the Machine Learning Static Evasion Contest is to engage with the hacking community at DEF CON 27 and beyond, and present to adversarial machine learning researchers a realistic challenge that accurately reflects the difficulties of maintaining a strong security posture, while encouraging openness and transparency within the cybersecurity industry.
“Cybersecurity is a constantly evolving discipline, and one of the best ways to explore the broad space of potentially evasive behavior in future malware is to employ adversarial machine learning methods that exploit worst-case conditions of machine learning model detection,” said Hyrum Anderson, Chief Scientist at Endgame. “In facilitating this competition, we hope to encourage machine learning researchers who have experience in evading image recognition systems, for example, to be introduced to a threat model that is more common in traditional information security. And concurrently, the competitors can highlight weaknesses or oversights that may be present in today’s anti-malware products.”
“Even though it is theoretically impossible to determine from a piece of software whether it has malicious intent or not, modern endpoint protections provide very good practical protections. The theory and practice of how signature-based malware detection can be evaded is well researched. But when it comes to evading machine learning models and finding their blind spots, very little research has been published. We hope this competition can advance this field with practical solutions,” said Zoltan Balazs, CTO, MRG Effitas
As part of this year’s competition, participants will modify and test 50 working malware samples against sophisticated machine learning models. The modified malware samples must remain fully functional, while evading two different machine learning models provided by Endgame. The competition will demonstrate a white box attack, wherein participants will have access to each model’s parameters and source code. After being uploaded onto the MRG Effitas platform, the modified malware samples will be detonated in VMRay, an evasion resistant, hypervisor-based sandboxing technology. VMRay’s technology ensures full visibility into malware behaviour, monitoring every interaction between the malware and the system. Points will be awarded to participants based on how many samples bypass each machine learning model.
To qualify for the prize of NVIDIA’s fastest PC GPU for deep learning, the winner will publish a blog post sharing how they successfully updated the malware to evade the machine learning model. To learn more about how to enter this competition, please visit https://evademalwareml.io.