ATWM: Defense against adversarial malware based on adversarial training
This addresses the vulnerability of malware detection models to adversarial attacks, offering a domain-specific defense for cybersecurity, but it is incremental as it adapts existing adversarial training techniques to malware.
The paper tackles the problem of adversarial malware evading deep learning-based Windows malware detection models by proposing an adversarial training defense method that uses preprocessing to reduce training difficulty and improve defense capability, showing it can enhance adversarial defense without reducing model accuracy in experiments with three attack methods on two datasets.
Deep learning technology has made great achievements in the field of image. In order to defend against malware attacks, researchers have proposed many Windows malware detection models based on deep learning. However, deep learning models are vulnerable to adversarial example attacks. Malware can generate adversarial malware with the same malicious function to attack the malware detection model and evade detection of the model. Currently, many adversarial defense studies have been proposed, but existing adversarial defense studies are based on image sample and cannot be directly applied to malware sample. Therefore, this paper proposes an adversarial malware defense method based on adversarial training. This method uses preprocessing to defend simple adversarial examples to reduce the difficulty of adversarial training. Moreover, this method improves the adversarial defense capability of the model through adversarial training. We experimented with three attack methods in two sets of datasets, and the results show that the method in this paper can improve the adversarial defense capability of the model without reducing the accuracy of the model.