WebAssembly (Wasm) is a low-level binary format for web applications, which has found widespread adoption due to its improved performance and compatibility with existing software. However, the popularity of Wasm has also led to its exploitation for malicious purposes, such as cryptojacking, where malicious actors use a victim's computing resources to mine cryptocurrencies without their consent. To counteract this threat, machine learning-based detection methods aiming to identify cryptojacking activities within Wasm code have emerged. It is well-known that neural networks are susceptible to adversarial attacks, where inputs to a classifier are perturbed with minimal changes that result in a crass misclassification. While applying changes in image classification is easy, manipulating binaries in an automated fashion to evade malware classification without changing functionality is non-trivial. In this work, we propose a new approach to include adversarial examples in the code section of binaries via instrumentation. The introduced gadgets allow for the inclusion of arbitrary bytes, enabling efficient adversarial attacks that reliably bypass state-of-the-art machine learning classifiers such as the CNN-based Minos recently proposed at NDSS 2021. We analyze the cost and reliability of instrumentation-based adversarial example generation and show that the approach works reliably at minimal size and performance overheads.

翻译：WebAssembly（Wasm）是一种面向Web应用程序的低级二进制格式，因其性能提升及与现有软件的兼容性而被广泛采用。然而，Wasm的普及也导致其被用于恶意目的，例如加密货币劫持——恶意行为者未经用户同意利用其计算资源挖掘加密货币。为应对这一威胁，旨在识别Wasm代码中加密货币劫持行为的机器学习检测方法应运而生。众所周知，神经网络易受对抗攻击影响：对分类器输入施加微小扰动即可导致严重的误分类。尽管在图像分类中实施扰动较为容易，但如何在保持功能不变的前提下，以自动化方式操控二进制文件以规避恶意软件分类极具挑战性。本研究提出一种新方法，通过指令注入在二进制文件的代码段中嵌入对抗样本。所引入的指令片段可携带任意字节，从而实现高效的对抗攻击，可靠绕过最先进的机器学习分类器（如NDSS 2021近期提出的基于CNN的Minos系统）。我们分析了基于指令注入的对抗样本生成成本与可靠性，并证明该方法在最小体积与性能开销下可稳定运行。