* update 2024-02-16 06:16:13

arXiv_db/Malware/2024.md

@@ -358,3 +358,27 @@
 
 </details>
 
+<details>
+
+<summary>2024-02-14 13:46:01 - Evading Black-box Classifiers Without Breaking Eggs</summary>
+
+- *Edoardo Debenedetti, Nicholas Carlini, Florian Tramèr*
+
+- `2306.02895v2` - [abs](http://arxiv.org/abs/2306.02895v2) - [pdf](http://arxiv.org/pdf/2306.02895v2)
+
+> Decision-based evasion attacks repeatedly query a black-box classifier to generate adversarial examples. Prior work measures the cost of such attacks by the total number of queries made to the classifier. We argue this metric is flawed. Most security-critical machine learning systems aim to weed out "bad" data (e.g., malware, harmful content, etc). Queries to such systems carry a fundamentally asymmetric cost: queries detected as "bad" come at a higher cost because they trigger additional security filters, e.g., usage throttling or account suspension. Yet, we find that existing decision-based attacks issue a large number of "bad" queries, which likely renders them ineffective against security-critical systems. We then design new attacks that reduce the number of bad queries by $1.5$-$7.3\times$, but often at a significant increase in total (non-bad) queries. We thus pose it as an open problem to build black-box attacks that are more effective under realistic cost metrics.
+
+</details>
+
+<details>
+
+<summary>2024-02-14 14:33:17 - Discovering Command and Control (C2) Channels on Tor and Public Networks Using Reinforcement Learning</summary>
+
+- *Cheng Wang, Christopher Redino, Abdul Rahman, Ryan Clark, Daniel Radke, Tyler Cody, Dhruv Nandakumar, Edward Bowen*
+
+- `2402.09200v1` - [abs](http://arxiv.org/abs/2402.09200v1) - [pdf](http://arxiv.org/pdf/2402.09200v1)
+
+> Command and control (C2) channels are an essential component of many types of cyber attacks, as they enable attackers to remotely control their malware-infected machines and execute harmful actions, such as propagating malicious code across networks, exfiltrating confidential data, or initiating distributed denial of service (DDoS) attacks. Identifying these C2 channels is therefore crucial in helping to mitigate and prevent cyber attacks. However, identifying C2 channels typically involves a manual process, requiring deep knowledge and expertise in cyber operations. In this paper, we propose a reinforcement learning (RL) based approach to automatically emulate C2 attack campaigns using both the normal (public) and the Tor networks. In addition, payload size and network firewalls are configured to simulate real-world attack scenarios. Results on a typical network configuration show that the RL agent can automatically discover resilient C2 attack paths utilizing both Tor-based and conventional communication channels, while also bypassing network firewalls.
+
+</details>
+