Effectiveness of Adversarial Examples and Defenses for Malware Classification
This work addresses security vulnerabilities in neural networks for malware detection, but it is incremental as it adapts existing methods from image domains to malware.
The study investigated adversarial examples and defenses in malware classification, evaluating their effectiveness across multiple datasets to understand the threat landscape.
Artificial neural networks have been successfully used for many different classification tasks including malware detection and distinguishing between malicious and non-malicious programs. Although artificial neural networks perform very well on these tasks, they are also vulnerable to adversarial examples. An adversarial example is a sample that has minor modifications made to it so that the neural network misclassifies it. Many techniques have been proposed, both for crafting adversarial examples and for hardening neural networks against them. Most previous work has been done in the image domain. Some of the attacks have been adopted to work in the malware domain which typically deals with binary feature vectors. In order to better understand the space of adversarial examples in malware classification, we study different approaches of crafting adversarial examples and defense techniques in the malware domain and compare their effectiveness on multiple datasets.