27 research outputs found
Dynamic Slicing for Deep Neural Networks
Program slicing has been widely applied in a variety of software engineering
tasks. However, existing program slicing techniques only deal with traditional
programs that are constructed with instructions and variables, rather than
neural networks that are composed of neurons and synapses. In this paper, we
propose NNSlicer, the first approach for slicing deep neural networks based on
data flow analysis. Our method understands the reaction of each neuron to an
input based on the difference between its behavior activated by the input and
the average behavior over the whole dataset. Then we quantify the neuron
contributions to the slicing criterion by recursively backtracking from the
output neurons, and calculate the slice as the neurons and the synapses with
larger contributions. We demonstrate the usefulness and effectiveness of
NNSlicer with three applications, including adversarial input detection, model
pruning, and selective model protection. In all applications, NNSlicer
significantly outperforms other baselines that do not rely on data flow
analysis.Comment: 11 pages, ESEC/FSE '2
Synthesizing Near-Optimal Malware Specifications from Suspicious Behaviors
Abstract-Fueled by an emerging underground economy, malware authors are exploiting vulnerabilities at an alarming rate. To make matters worse, obfuscation tools are commonly available, and much of the malware is open source, leading to a huge number of variants. Behavior-based detection techniques are a promising solution to this growing problem. However, these detectors require precise specifications of malicious behavior that do not result in an excessive number of false alarms. In this paper, we present an automatic technique for extracting optimally discriminative specifications, which uniquely identify a class of programs. Such a discriminative specification can be used by a behavior-based malware detector. Our technique, based on graph mining and concept analysis, scales to large classes of programs due to probabilistic sampling of the specification space. Our implementation, called HOLMES, can synthesize discriminative specifications that accurately distinguish between programs, sustaining an 86% detection rate on new, unknown malware, with 0 false positives, in contrast with 55% for commercial signature-based antivirus (AV) and 62-64% for behavior-based AV (commercial or research)