Improving Robustness of Malware Classifiers using Adversarial Strings Generated from Perturbed Latent Representations
This work addresses the incremental challenge of enhancing malware classifier robustness against real-world adversarial attacks for cybersecurity applications.
The paper tackled the problem of malware detection evasion through adversarial filename strings, generating realistic adversarial examples via latent representation perturbations and using them to train classifiers, resulting in significantly improved robustness with minimal standard accuracy loss.
In malware behavioral analysis, the list of accessed and created files very often indicates whether the examined file is malicious or benign. However, malware authors are trying to avoid detection by generating random filenames and/or modifying used filenames with new versions of the malware. These changes represent real-world adversarial examples. The goal of this work is to generate realistic adversarial examples and improve the classifier's robustness against these attacks. Our approach learns latent representations of input strings in an unsupervised fashion and uses gradient-based adversarial attack methods in the latent domain to generate adversarial examples in the input domain. We use these examples to improve the classifier's robustness by training on the generated adversarial set of strings. Compared to classifiers trained only on perturbed latent vectors, our approach produces classifiers that are significantly more robust without a large trade-off in standard accuracy.