WebAssembly (Wasm) is a low-level binary format for web applications, which has found widespread adoption due to its improved performance and compatibility with existing software. However, the popularity of Wasm has also led to its exploitation for malicious purposes, such as cryptojacking, where malicious actors use a victim's computing resources to mine cryptocurrencies without their consent. To counteract this threat, machine learning-based detection methods aiming to identify cryptojacking activities within Wasm code have emerged. It is well-known that neural networks are susceptible to adversarial attacks, where inputs to a classifier are perturbed with minimal changes that result in a crass misclassification. While applying changes in image classification is easy, manipulating binaries in an automated fashion to evade malware classification without changing functionality is non-trivial. In this work, we propose a new approach to include adversarial examples in the code section of binaries via instrumentation. The introduced gadgets allow for the inclusion of arbitrary bytes, enabling efficient adversarial attacks that reliably bypass state-of-the-art machine learning classifiers such as the CNN-based Minos recently proposed at NDSS 2021. We analyze the cost and reliability of instrumentation-based adversarial example generation and show that the approach works reliably at minimal size and performance overheads.

翻译：WebAssembly（Wasm）是一种面向网络应用程序的低级二进制格式，因其性能提升及与现有软件的兼容性而得到广泛应用。然而，Wasm 的普及也导致其被用于恶意目的，例如加密货币劫持——恶意行为者在未经用户同意的情况下利用受害者的计算资源挖掘加密货币。为应对这一威胁，旨在识别 Wasm 代码中加密货币劫持行为的基于机器学习检测方法应运而生。众所周知，神经网络易受对抗攻击影响——攻击者通过对分类器输入施加微小扰动，从而引发严重的误分类。虽然图像分类中的改动易于实现，但以自动方式操控二进制文件以规避恶意软件分类且不改变其功能则并非易事。本文提出一种新方法，通过插桩技术在二进制文件的代码段中嵌入对抗样本。所引入的探测代码允许包含任意字节，从而实现高效的对抗攻击，可靠绕过最先进的机器学习分类器（例如近期在 NDSS 2021 会议上提出的基于 CNN 的 Minos 分类器）。我们分析了基于插桩的对抗样本生成的成本与可靠性，并证明该方法在极小的规模与性能开销下仍能可靠运行。