attack 2025

Evasive Ransomware Attacks Using Low-level Behavioral Adversarial Examples

Manabu Hirano 1, Ryotaro Kobayashi 2

1 National Institute of Technology, Toyota College

2 Kogakuin University

0 citations · CSR
α

Published on arXiv

2508.08656

Input Manipulation Attack

OWASP ML Top 10 — ML01

Key Finding

Attackers can manipulate ransomware behavioral features (I/O patterns, memory access) via source-code parameter tuning to decrease the detection rate of deep learning-based behavioral ransomware detectors.

Low-level Behavioral Adversarial Examples

Novel technique introduced

Protecting state-of-the-art AI-based cybersecurity defense systems from cyber attacks is crucial. Attackers create adversarial examples by adding small changes (i.e., perturbations) to the attack features to evade or fool the deep learning model. This paper introduces the concept of low-level behavioral adversarial examples and its threat model of evasive ransomware. We formulate the method and the threat model to generate the optimal source code of evasive malware. We then examine the method using the leaked source code of Conti ransomware with the micro-behavior control function. The micro-behavior control function is our test component to simulate changing source code in ransomware; ransomware's behavior can be changed by specifying the number of threads, file encryption ratio, and delay after file encryption at the boot time. We evaluated how much an attacker can control the behavioral features of ransomware using the micro-behavior control function to decrease the detection rate of a ransomware detector.

Key Contributions

  • Introduces the concept of 'low-level behavioral adversarial examples' that constrain adversarial perturbations to physically realizable changes in ransomware source code (thread count, file encryption ratio, encryption delay)
  • Formalizes a threat model for generating optimal evasive malware source code against behavioral-based ML detectors
  • Demonstrates the attack using leaked Conti ransomware source code, showing attackers can meaningfully reduce detection rates by tuning micro-behavior control parameters

🛡️ Threat Analysis

Input Manipulation Attack

The paper proposes 'low-level behavioral adversarial examples' — perturbations applied at the ransomware source-code level (thread count, encryption ratio, delay) that manipulate behavioral feature vectors at inference time to cause an ML-based ransomware detector to misclassify malware as benign. This is an evasion attack directly targeting a deep learning model's input features.

Details

Domains
tabular
Model Types
cnn
Threat Tags
black_boxinference_timetargeteddigital
Datasets
Conti ransomware (leaked source code)
Applications
malware detectionransomware detection
Read PDF arXiv DOI

Similar Papers

attack

Uncovering and Understanding FPR Manipulation Attack in Industrial IoT Networks

2026 0 cit.
Input Manipulation Attack
83%
attack

Shapes are not enough: CONSERVAttack and its use for finding vulnerabilities and uncertainties in machine learning applications

2026 0 cit.
Input Manipulation Attack
77%
attack

LLM-Driven Feature-Level Adversarial Attacks on Android Malware Detectors

2025 0 cit.
Input Manipulation Attack
67%
attack

Adversarial Patch Attack for Ship Detection via Localized Augmentation

2025 0 cit.
Input Manipulation Attack
64%
attack

SEGA: A Transferable Signed Ensemble Gaussian Black-Box Attack against No-Reference Image Quality Assessment Models

2025 0 cit.
Input Manipulation Attack
64%
attack

On the Adversarial Robustness of Learning-based Conformal Novelty Detection

2025 1 cit.
Input Manipulation Attack
64%
attack

Contract And Conquer: How to Provably Compute Adversarial Examples for a Black-Box Model?

2026 0 cit.
Input Manipulation Attack
64%
attack

Investigating Adversarial Robustness against Preprocessing used in Blackbox Face Recognition

2025 0 cit.
Input Manipulation Attack
64%